Question #1 Topic 1
As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group
memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the
GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted? In the GCDS configuration manager, update the group deletion policy setting to “don't delete Google groups not found in LDAP.” Use the Directory API to check and update the group’s membership after the GCDS sync is completed. Confirm that the base DN for the group email address attribute matches the base DN for the user email address attribute. In the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to “delete only active Google domain users not found in LDAP.”.
Question #2 Topic 1
Your marketing department needs an easy way for users to share items more appropriately. They want to easily link-share Drive files within the
marketing department, without sharing them with your entire company. What should you do to fulfil this request? (Choose two.) Create a shared drive that's shared internally organization-wide. Update Drive sharing for the marketing department to restrict to internal. Create a shared drive for internal marketing use. Update the link sharing default to the marketing team when creating a document. In the admin panel Drive settings, create a target audience that has all of marketing as members.
Question #3 Topic 1
Your company has a broad, granular IT administration team, and you are in charge of ensuring proper administrative control. One of those teams,
the security team, requires access to the Security Investigation Tool. What should you do? Assign the pre-built security admin role to the security team members. Create a Custom Admin Role with the Security Center privileges, and then assign the role to each of the security team members. Assign the Super Admin Role to the security team members. Create a Custom Admin Role with the security settings privilege, and then assign the role to each of the security team members.
Question #4 Topic 1
Your organization has a new security requirement around data exfiltration on iOS devices. You have a requirement to prevent users from copying
content from a Google app (Gmail, Drive, Docs, Sheets, and Slides) in their work account to a Google app in their personal account or a third-party
app. What steps should you take from the admin panel to prevent users from copying data from work to non-work apps on iOS devices? Navigate to “Data Protection” setting in Google Admin Console's Device management section and disable the “Allow users to copy data to personal apps” checkbox. Disable “Open Docs in Unmanaged Apps” setting in Google Admin Console’s Device management section. Navigate to Devices > Mobile and endpoints > Universal Settings > General and turn on Basic Mobile Management. Clear the “Allow items created with managed apps to open in unmanaged apps” checkbox.
Question #5 Topic 1
Your organization recently implemented context-aware access policies for Google Drive to allow users to access Drive only from corporate
managed desktops. Unfortunately, some users can still access Drive from non-corporate managed machines. What preliminary checks should you
perform to find out why the Context-Aware Access policy is not working as intended? (Choose two.) Confirm that the user has a Google Workspace Enterprise Plus license. Delete and recreate a new Context-Aware Access device policy. Check whether device policy application is installed on users’ devices. Confirm that the user has at least a Google Workspace Business license. Check whether Endpoint Verification is installed on users’ desktops.
Question #6 Topic 1
Your organization has enabled spoofing protection against unauthenticated domains. You are receiving complaints that email from multiple
partners is not being received. While investigating this issue, you find that emails are all being sent to quarantine due to the configured safety
setting. What should be the next step to allow uses to review these emails and reduce the internal complaints while keeping your environment
secure? Add your partner domains IPs to the Inbound Gateway setting. Change the spoofing protection to deliver the emails to spam instead of quarantining them. Add your partner sending IP addresses to an allowlist. Change the spoofing protection to deliver the emails to inboxes with a custom warning instead of quarantining them.
Question #7 Topic 1
As the Workspace Administrator, you have been asked to delete a temporary Google Workspace user account in the marketing department. This
user has created Drive documents in My Documents that the marketing manager wants to keep after the user is gone and removed from
Workspace. The data should be visible only to the marketing manager. As the Workspace Administrator, what should you do to preserve this user's
Drive data? the user deletion process, select “Transfer” in the data in other apps section and add the manager's email address. Use Google Vault to set a retention period on the OU where the users reside. Before deleting the user, add the user to the marketing shared drive as a contributor and move the documents into the new location. Ask the user to create a folder under MyDrive, move the documents to be shared, and then share that folder with the marketing team manager.
Question #8 Topic 1
As a Google Workspace administrator for your organization, you are tasked with controlling which third-party apps can access Google Workspace
data. Before implementing controls, as a first step in this process, you want to review all the third-party apps that have been authorized to access
Workspace data. What should you do? Open Admin Console > Security > API Controls > App Access Control > Manage Third Party App Access. Open Admin Console > Security > API Controls > App Access Control > Manage Google Services. Open Admin Console > Security > Less Secure Apps. Open Admin Console > Security > API Controls > App Access Control > Settings.
Question #9 Topic 1
Your organization wants more visibility into actions taken by Google staff related to your data for audit and security reasons. They are specifically
interested in understanding the actions performed by Google support staff with regard to the support cases you have opened with Google. What
should you do to gain more visibility? From Google Admin Panel, go to Audit, and select Access Transparency Logs. From Google Admin Panel, go to Audit, and select Login Audit Log. From Google Admin Panel, go to Audit, and select Rules Audit Log. From Google Admin Panel, go to Audit, and select Admin Audit Log.
Question #10 Topic 1
Your organization recently had a sophisticated malware attack that was propagated through embedded macros in email attachments. As a
Workspace administrator, you want to provide an additional layer of anti-malware protection over the conventional malware protection that is built
into Gmail. What should you do to protect your users from future unknown malware in email attachments? Run queries in Security Investigation Tool. Turn on advanced phishing and malware protection Enable Security Sandbox. Enable Gmail confidential mode.
Question #11 Topic 1
Your organization's information security team has asked you to determine and remediate if a user (user1@example.com) has shared any sensitive
documents outside of your organization. How would you audit access to documents that the user shared inappropriately? Open Security Investigation Tool-> Drive Log Events. Add two conditions: Visibility Is External, and Actor Is user1@example.com. Have the super administrator use the Security API to audit Drive access. As a super administrator, change the access on externally shared Drive files manually under user1@example.com. Open Security Dashboard-> File Exposure Report-> Export to Sheet, and filter for user1@example.com.
Question #12 Topic 1
A user is reporting that external, inbound messages from known senders are repeatedly being incorrectly classified as spam. What steps should
the admin take to prevent this behavior in the future? Modify the SPF record for your internal domain to include the IPs of the external user's mail servers. Update the spam settings in the Admin Console to be less aggressive. Add the sender's domain to an allowlist via approved senders in the Admin Console. Instruct the user to add the senders to their contacts.
Question #13 Topic 1
The credentials of several individuals within your organization have recently been stolen. Using the Google Workspace login logs, you have
determined that in several cases, the stolen credentials have been used in countries other than the ones your organization works in. What else can
you do to increase your organization's defense-in-depth strategy? Implement an IP block on the malicious user's IPs under Security Settings in the Admin Console. Use Context-Aware Access to deny access to Google services from geo locations other than the ones your organization operates in. Enforce higher complexity passwords by rolling it out to the affected users. Use Mobile device management geo-fencing to prevent malicious actors from using these stolen credentials.
Question #14 Topic 1
You are the Workspace administrator for an international organization with Enterprise Plus Workspace licensing. A third of your employees are
located in the United States, another third in Europe, and the other third geographically dispersed around the world. European employees are
required to have their data stored in Europe. The current OU structure for your organization is organized by business unit, with no attention to user
location. How do you configure Workspace for the fastest end user experience while also ensuring that European user data is contained in
Europe? Configure a data region at the top level OU of your organization, and set the value to “Europe”. Add three additional OU structures to designate location within the current OU structure. Assign the corresponding data region to each. Configure a configuration group for European users, and set the data region to “Europe”. Configure three configuration groups within your domain. Assign the appropriate data regions to each corresponding group, but assign no
preference to the users outside of the United States and Europe.
Question #15 Topic 1
As a team manager, you need to create a vacation calendar that your team members can use to share their time off. You want to use the calendar
to visualize online status for team members, especially if multiple individuals are on vacation What should you do to create this calendar? Request the creation of a calendar resource, configure the calendar to “Auto-accept invitations that do not conflict,” and give your team “See all event details” access. Create a secondary calendar under your account, and give your team “Make changes to events” access. Request the creation of a calendar resource, configure the calendar to “Automatically add all invitations to this calendar,” and give your team “See only free/busy” access. Create a secondary calendar under your account, and give your team “See only free/busy” access.
Question #16 Topic 1
Your Finance team has to share quarterly financial reports in Sheets with an external auditor. The external company is not a Workspace customer
and allows employees to access public sites such as Gmail and Facebook. How can you provide the ability to securely share content to
collaborators that do not have a Google Workspace or consumer (Gmail) account? Allow external sharing with the auditor using the ‘Trusted Domains’ feature. Enable the ‘Visitor Sharing’ feature, and demonstrate it to the Finance team. Use the ‘Publish’ feature in the Sheets editor to share the contents externally. Attach the Sheet file to an email message, and send to the external auditor.
Question #17 Topic 1
Your organization has noticed several incidents of accidental oversharing inside the organization. Specifically, several users have shared sensitive
Google Drive items with the entire organization by clicking ‘anyone in this group with this link can view’. You have been asked by senior
management to help users share more appropriately and also to prevent accidental oversharing to the entire organization. How would you best
accomplish this? Create groups, add users accordingly, and educate users on how to share to specific groups of people. Disable sharing to the entire organization so that users must consciously add every person who needs access. Determine sharing boundaries for users that work with sensitive information, and then implement target audiences. Temporarily disable the Google Drive service for individuals who continually overshare.
Question #18 Topic 1
You are a Workspace Administrator with a mix of Business Starter and Standard Licenses for your users. A Business Starter User in your domain
mentions that they are running out of Drive Storage Quota. Without deleting data from Drive, what two actions can you take to alleviate the quota
concerns for this user? (Choose two.) Add other users as “Editors” on the Drive object, thus spreading the storage quota debt between all of them. Manually export and back up the data locally, and delete the affected files from Drive to alleviate the debt. Make another user the “Owner” of the Drive objects, thus transferring the storage quota debt to them. Perform an API query for large storage drive objects, and delete them, thus alleviating the quota debt. Move the affected items to a Shared Drive. Shared Drives transfer ownership of the drive item to the domain itself, which alleviates the quota debt from that user.
Question #19 Topic 1
Your organization is preparing to deploy Workspace and will continue using your company’s existing identity provider for authentication and single
sign-on (SSO). In order to migrate data from an external system, you were required to provision each user’s account in advance. Your IT team and
select users (~5% of the organization) have been using Workspace for configuration and testing purposes. The remainder of the organization can
technically access their accounts now, but the IT team wants to block their access until the migrations are complete. What should your
organization do? Remove Google Workspace license to prevent users from accessing their accounts now. Suspend users that the organization does not wish to have access. Add the users to the OU with all services disabled. Use Context-Aware Access to simultaneously block access to all services for all users and allow access to all services for the allowed users.
Question #20 Topic 1
Your company has acquired a new company in Japan and wants to add all employees of the acquisition to your existing Google Workspace
domain. The new company will retain its original domain for email addresses and, due to the very sensitive nature of its work, the new employees
should not be visible in the global directory. However, they should be visible within each company's separate directory. What should you do to
meet these requirements? Create a new Google Workspace domain isolated from the existing one, and create users in the new domain instead. Under Directory Settings > Contact sharing, disable the contact sharing option and wait for 24 hours to allow the settings to propagate before creating the new employee accounts. Redesign your OU organization to have 2 child OUs for each company directly under the root. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the OU. Create one dynamic group for each company based on a custom attribute defining the company. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the dynamic group.
Question #21 Topic 1
You are in the middle of migrating email from on-premises Microsoft Exchange to Google Workspace. Users that you have already migrated are
complaining of messages from internal users going into spam folders. What should you do to ensure that internal messages do not go into Gmail
spam while blocking spoofing attempts? Train users to click on Not Spam button for emails. Add all users of your domain to an approved sender list. Force TLS for your domain. Ensure that your inbound gateway is configured with all of your Exchange server IP addresses.
Question #22 Topic 1
A user is reporting that after they sign in to Gmail, their labels are not loading and buttons are not responsive. What action should you take to
troubleshoot this issue with the user? Collect full message headers for examination. Check whether the issue occurs when the user authenticates on a different device or a new incognito window. Check whether a ping test to service.gmail.com (pop.gmail.com or imap.gmail.com) is successful. Check whether traceroute to service.gmail.com (pop.gmail.com or imap.gmail.com) is successful.
Question #23 Topic 1
A retail company has high employee turnover due to the cyclical nature in the consumer space. The increase in leaked confidential content has
created the need for a specific administrative role to monitor ongoing employee security investigations. What step should you take to increase the
visibility of such investigations? Assign the ‘Services Admin’ role to an administrator with ‘Super Admin’ privileges. Create a ‘Custom Role’ and add all the Google Vault privileges for a new administrator. Validate that the new administrator has access to Google Vault. Create a ‘Custom Role’ and add the ability to manage Google Vault matters, holds, searches, and exports.
Question #24 Topic 1
A subset of users from the finance and human resources (HR) teams need to share documents with an external vendor. However, external content
sharing is prohibited for the entire finance team. What would be the most secure method to enable external sharing for this set of users? Download and attach the documents to a Gmail message, and send them to the external vendor. Move all users from the finance org unit to the HR org unit. Enable ‘Visitor Sharing’ for the entire finance org unit. Create a group with the finance and HR users who need to share externally.
Question #25 Topic 1
As the newly hired Admin in charge of Google Workspace, you learn that the organization has been using Google Workspace for months and has
configured several security rules for accessing Google Drive. A week after you start your role, users start to complain that they cannot access
Google Drive anymore from one satellite office and that they receive an error message that “a company policy is blocking access to this app.” The
users have no issue with Gmail or Google Calendar. While investigating, you learn that both this office's Internet Service Provider (ISP) and the
global IP address when accessing the internet were changed over the weekend. What is the most logical reason for this issue? An access level was defined based on the IP range and applied to Google Drive via Context-Aware Access. Under Drive and Docs > Sharing Settings, the “Whitelisted domains” list needs to be updated to add the new ISP domain. The Network Mask defined in Security > Settings > SSO with 3rd Party IdPs should be updated to reflect the new IP range. You need to raise a ticket to Google Cloud Support to have your new IP ranges registered for Drive API access.
Question #26 Topic 1
An end user informs you that they are having issues receiving mail from a specific sender that is external to your organization. You believe the
issue may be caused by the external entity’s SPF record being incorrectly configured. Which troubleshooting step allows you to examine the full
message headers for the offending message to determine why the messages are not being delivered? Use the Postmaster Tools API to pull the message headers. Use the Email Log Search to directly review the message headers. Use the Security Investigation Tool to review the message headers. Perform an SPF record check on the domain to determine whether their SPF record is valid.
Question #27 Topic 1
You have been asked to support an investigation that your litigation team is conducting. The current default retention policy for mail is 180 days,
and there are no custom mail retention policies in place. The litigation team has identified a user who is central to the investigation, and they want
to investigate the mail data related to this user without the user's awareness. What two actions should you take? (Choose two.) Move the user to their own Organization Unit, and set a custom retention policy. Create a hold on the user's mailbox in Google Vault. Reset the user's password, and share the new password with the litigation team. Copy the user's data to a secondary account. Create a matter using Google Vault, and share the matter with the litigation team members.
Question #28 Topic 1
A recent legal investigation requires all emails and Google Drive documents from a specific user to be retrieved. As the administrator, how can you
fulfill the legal team's request? Use Security Investigation Tool to Search Google Drive events for all of the user's documents, and use Google Admin > Reports > Email Log Search to find their emails. Search Google Drive for all of the user’s documents, and ask them to forward all of their emails. Use the Gmail API and Google Drive API to automatically collect and export data. Utilize Google Vault to hold, search, and export data of interest.
What steps does an administrator need to take to enforce TLS with a particular domain? Enable email safety features with the receiving domain. Set up secure transport compliance with the receiving domain. Configure an alternate secure route with the receiving domain. Set up DKIM authentication with the receiving domain.
Question #30 Topic 1
Your company’s Google Workspace primary domain is “mycompany.com,” and it has acquired a startup that is using another cloud provider with a
domain named “mystartup.com.” You plan to add all employees from the startup to your Google Workspace domain while preserving their current
mail addresses. The startup CEO's email address is andrea@mystartup.com, which also matches your company CEO's email address as
andrea@mycompany.com, even though they are different people. Each must keep the usage of their email. In addition, your manager asked to
have all existing security policies applied for the new employees without any duplication. What should you do to implement the migration? Create a secondary domain, mystartup.com, within your current Google Workspace domain, set up necessary DNS records, and create all startup employees with the secondary domain as their primary email addresses. Create an alias domain, mystartup.com, in your existing Google Workspace domain, set up necessary DNS records, and create all startup employees with the alias domain as their primary email addresses. Create a new Google Workspace domain with “mystartup.com,” and create a trust between both domains for reusing the same security policies and sharing employee information within the companies. Create the startup employees in the “mycompany.com’ domain, and add a number at the end of the user name whenever there is a conflict. In Gmail > Routing, define a specific route for the OU that targets the startup employees, which will modify the email address domain to “mystartup.com,” and remove any numbers previously added. In addition, confirm that the SPF and DKIM records are properly set.
Question #31 Topic 1
You are in charge of automating and configuring Google Cloud Directory Sync for your organization. Within the config manager, how can you
proactively prevent applying widespread deletions within your Workspace environment if your company’s LDAP undergoes a substantial
modification? Manually run Google Cloud Directory Sync only after performing a simulated sync. Specify the minimum and maximum number of objects to synchronize in each configuration item. Configure the tool to delete users only when run from the config manager. Configure limits for the maximum number of deletions on each synchronization.
Question #32 Topic 1
Your company recently acquired an organization that was not leveraging Google Workspace. Your company is currently using Google Cloud
Directory Sync (GCDS) to sync from an LDAP directory into Google Workspace. You want to deploy a second instance of GCDS and apply the same
strategy with the newly acquired organization, which also has its users in an LDAP directory. How should you change your GCDS instance to
ensure that the setup is successful? (Choose two.) Provide your current GCDS instance with admin credentials to the recently acquired organization's LDAP directory. Add an LDAP sync rule to your current GCDS instance in order to synchronize new users. Set up exclusion rules to ensure that users synced from the acquired organization's LDAP are not, suspended. Set up an additional instance of GCDS running on another server, and handle the acquired organization's synchronization. Upgrade to the multiple LDAP version of GCDS.
Question #33 Topic 1
A user reached out to the IT department about a Google Group that they own: info@company.com. The group is receiving mail, and each message
is also delivered directly to the user's Gmail inbox. The user wants to be able to reply to messages directly from Gmail and have them sent on
behalf of the group, not their individual account. Currently, their replies come from their individual account. What would you instruct the user to
do? Create a new content compliance rule that matches the user's outgoing messages with the group copied, and have it modify the sender to be the group address. Add the group as an email address that can be sent from within Gmail, and verify that the user has access. They can then choose to reply from the group. Add the user's individual account as a delegate to the group's inbox. They can then toggle between the accounts and use the Gmail interface on behalf of the group. Set the group address to be the default sender within the group's posting policies.
Question #34 Topic 1
Your organization recently deployed Google Workspace. Your admin team has been very focused on configuring the core services for your
environment, which has left you little time to pay attention to other areas. Your security team has just informed you that many users are leveraging
unauthorized add-ons, and they are concerned about data exfiltration. The admin team wants you to cut off all add-ons access to Workspace data
immediately and block all future add-ons until further notice. However, they approve of users leveraging their Workspace accounts to sign into
third-party sites. What should you do? Modify your Marketplace Settings to block users from installing any app from the Marketplace. Set all API services to “restricted access” and ensure that all connected apps have limited access. Remove all client IDs and scopes from the list of domain-wide delegation API clients. Block each connected app's access.
Question #35 Topic 1
Your organization has just completed migrating users to Workspace. Many employees are concerned about their legacy Microsoft Office
documents, including issues of access, editing, and viewing. Which two practices should you use to alleviate user concerns without limiting
Workspace collaboration features? (Choose two.) Configure Context-Aware Access policies to block access to Microsoft Office applications. Demonstrate the ability to convert Office documents to native Google file format from Drive. Demonstrate and train users to use the Workspace Migrate tool. Deliver training sessions that show the methods to access and edit native Office files in Drive, the Workspace file editors, and Drive for Desktop. Continue to use installed Office applications along with Google Drive for Desktop.
Question #36 Topic 1
Your IT team is being asked to fulfill a query by your organization's legal department that requires an MBOX file that will be shared to a third-party
partner for eDiscovery. The query must be run on multiple users. Legal has no admin rights to Google Vault. What should you do to fulfil the
request? Create a Google Vault matter for each user account, and share the matters to the legal admin. Create a Google Vault matter, search for data, and run an export for the legal department. Use the Investigation Too! to search for the data requested, and export for the legal department. Search for the data in Gmail, and export for the legal department.
Question #37 Topic 1
Your organization is using Password Sync to sync passwords from Active Directory to Google Workspace. A user changed their network password
and cannot log in to Google Workspace with the new password. What steps should you take to troubleshoot this issue? Reinstall Password Sync on all domain controllers. Reauthorize the Password Sync tool in the Google Workspace Admin Console. Confirm that the Password Sync service is running on all domain controllers. Reset the user's password in Active Directory.
Question #38 Topic 1
Your sales team, which is organized as its own organizational unit, is prone to receiving malicious attachments. What action should you take, as
an administrator, to apply an additional layer of protection in the admin console for your sales team without disrupting business operation? Configure an attachment compliance rule to send any emails with attachments received by users within the sales team organizational unit to an administrator quarantine. Configure an attachment compliance rule to strip any attachments received by users within the sales team organizational unit. Configure the security sandbox feature on the sales team organizational unit. Update the Email Allowlist in the admin console to only include IP addresses of known senders.
Question #39 Topic 1
Your organization does not allow users to share externally. The security team has recently approved an exemption for specific members of the
marketing team and sales to share documents with external customers, prospects, and partners. How best would you achieve this? Create a configuration group with the approved users as members, and use it to create a target audience. Enable external sharing for the marketing and sales organizational units. Enable external sharing only to allowlisted domains provided by marketing and sales teams. Create a configuration group with the approved users as members, and enable external sharing for this group.
Question #40 Topic 1
As a Workspace Administrator, you want to keep an inventory of the computers and mobile devices your company owns in order to track details
such as device type and who the device is assigned to. How should you add the devices to the company-owned inventory? Download the company owned inventory template CSV file from the admin panel, enter the serial number of the devices, and upload it back to the company owned inventory in the admin panel. Download the company owned inventory template CSV file from the admin panel, enter the Device OS, serial number and upload it back to the company owned inventory in the admin panel. Download the company owned inventory template CSV file from the admin panel, enter the asset tag of the devices, and upload it back to the company owned inventory in the admin panel. Download the company owned inventory template CSV file from the admin panel, enter the Device OS, asset tag and upload it back to the company owned inventory in the admin panel.
Question #41 Topic 1
When reloading Gmail in Chrome, the web browser returns a 500 Error. As part of the troubleshooting process, Google support asks you to gather
logs. How can this be accomplished? Chrome > Window Context Menu > More Tools > Developer Tools > Network Tab > Reload the page to replicate the error > “Export HAR” Admin.google.com > Reporting > Reports > Apps Reports > Gmail chrome://net-export > Start Logging to Disk > Confirm validity with https://netlog-viewer.appspot.com Chrome > Window Context Menu > More Tools > Task Manager > Screen Capture List of Running Processes.
Question #42 Topic 1
Your company is using Google Workspace Business Standard. The company has five meeting rooms that are all registered as resources in Google
Workspace and used on a daily basis by the employees when organizing meetings. The office layout was changed last weekend, and one of the
meeting rooms is now a dedicated room for management. The CEO is complaining that anyone can book the room and requested this room to be
used only by the management team and their executive assistants (EAs). No one else must be allowed to book it via Google Calendar. What
should you do? As a super administrator, modify the room calendar sharing settings, and limit it to the management and EAs group. Delete the room from Google Workspace resources, and suggest using a spreadsheet shared with the management and EAs only for the room schedule. As a super administrator, create a group calendar named “Management Room,” and share it only with the management and the EAs. Move the room resource to the management and EAs group so that only they can use it.
Question #43 Topic 1
You act as the Google Workspace Administrator for a company that has just acquired another organization. The acquired company will be
migrated into your Workspace environment in 6 months. Management has asked you to ensure that the Google Workspace users you currently
manage can efficiently access rich contact information in Workspace for all users. This needs to occur before the migration, and optimally without
additional expenditure. What step do you take to populate contact information for all users? Bulk-upload the contact information for these users via CSV into the Google Directory. Use the Domain Shared Contacts API to upload contact information for the acquired company's users. Provision and license Google Workspace accounts for the acquired company's users because they will need accounts in the future. Prepare an uploadable file to be distributed to your end users that allows them to add the acquired company’s user contact information to their personal contacts.
Question #44 Topic 1
Your organization is about to expand by acquiring two companies, both of which are using Google Workspace. The CISO has mandated that strict
‘No external content sharing’ policies must be in place and followed. How should you securely configure sharing policies to satisfy both the CISO’s
mandate while allowing external sharing with the newly acquired companies? Allow external sharing of Drive content for the IT group only. Create a Drive DLP policy that will allow sharing to only domains on an allowlist. Use shared drives to store the content, and share only individual files externally. Let users share files between the two companies by using the ‘Trusted Domains’ feature. Create an allowlist of the trusted domains, and choose sharing settings for the users.
Question #45 Topic 1
Your company is using Google Workspace Enterprise Plus, and the Human Resources (HR) department is asking for access to Work Insights to
analyze adoption of Google Workspace for all company employees. You assigned a custom role with the work Insights permission set as “view
data for all teams” to the HR group, but it is reporting an error when accessing the application. What should you do? Allocate the “view data for all teams” permission to all employees of the company. Confirm that the Work Insights app is turned ON for all employees. Confirm in Security > API controls > App Access Controls that Work Insights API is set to “unrestricted.” Confirm in Reports > BigQuery Export that the job is enabled.
Question #46 Topic 1
You received this email from the head of marketing:
Hello Workspace Admin:
Next week, a new consultant will be starting on the “massive marketing mailing” project. We want to ensure that they can view contact details of
the rest of the marketing team, but they should not have access to view contact details of anyone else here at our company. Is this something that
you can help with?
What are two of the steps you need to perform to fulfill this request? (Choose two.) Create an isolated OU for the consultants who need the restricted contacts access. Create a group that includes the contacts that the consultant is allowed to view. Apply the role of owner to the consultant in the group settings. Create the consultant inside under the marketing OU. Ensure that you have the Administrator Privilege of Services > Services settings and that Services > Contacts > Contacts Settings Message is set.
Question #47 Topic 1
A disgruntled employee has left your company and deleted all their email messages and files in Google Drive. The security team is aware that
some intellectual property may have surfaced on a public social media site. What is the first step to start an investigation into this leak? Delete the user's account in the Admin Console. Transfer data between end user Workspace accounts. Instruct a Google Vault admin to create a matter, and place all the user data on ‘hold.’ Use Google Vault to export all the user data and share among the security team.
Question #48 Topic 1
Users in your organization are routinely complaining that they receive messages containing words of profanity they find inappropriate in a
professional setting. As the administrator, what steps should you take to prevent the messages from being delivered to users’ mailboxes? Configure an objectionable content rule. Configure an attachment compliance rule. Enable optical character recognition (OCR). Set up a Gmail DLP policy.
Question #49 Topic 1
A user joined your organization and is reporting that every time they start their computer they are asked to sign in. This behavior differs from what
other users within the organization experience. Others are prompted to sign in biweekly. What is the first step you should take to troubleshoot this
issue for the individual user? Reset the user’s sign-in cookies. Confirm that this user has their employee ID populated as a sign-in challenge. Check the session length duration for the organizational unit the user is provisioned in. Verify that 2-Step Verification is enforced for this user.
Question #50 Topic 1
Your organization has a new security requirement around data exfiltration on iOS devices. You have a requirement to prevent users from copying
content from a Google app (Gmail, Drive, Docs, Sheets, and Slides) in their work account to a Google app in their personal account or a third-party
app. What steps should you take from the admin panel to prevent users from copying data from work to personal apps on iOS devices? (Choose
two.) Clear the “allow users to copy data to personal apps” checkbox. Turn on “Advanced Mobile Management.” Navigate to Devices > Mobile and Endpoint > iOS Settings > Data Sharing > Data Protection. Navigate to Devices > Mobile and Endpoint > iOS Settings > Data Sharing > Open Docs in Unmanaged Apps. Clear the “allow items created with managed apps to open in unmanaged apps” checkbox.
Question #51 Topic 1
You have been asked to set up a new Google Group for your Human Resources department as they onboard staff. The membership of the group
will change often. The HR team and all group members need to be able to send messages to and receive messages from all members of the
group. They are worried that new staff may accidentally post personal information to the group. How do you configure the Google Group to
prevent onboarded staff from sharing sensitive information to all group members? When provisioning the group, configure it as DLP enabled and select PII from the list of “Content Detectors”. Configure the group so that members cannot view group conversations. Configure the group with new member post moderation. Configure the group so only Owners or Managers can post to the group.
Question #52 Topic 1
You are the administrator for a 30,000-user organization. You have multiple Workspace licensing options available to end users in your domain,
according to their work responsibilities. A user may be transitioned to a different license type multiple times in a given year. Your organization has
a high turnover rate for employees. What is the most efficient way to manage your organization’s licensing? Use the Directory API to create a custom batch script that modifies the users license on a daily basis. Create a license assignment rule in the Google Admin console to set user licensing based on directory attributes. Use Google Cloud Directory Sync to modify user licensing with each sync, according to information available in the organization’s LDAP. Update user licensing in the user portion of the Admin console on an as-needed basis.
Question #53 Topic 1
Your company has numerous locations throughout the world. Each of these locations has multiple office managers that field questions from
employees through an email alias. Some questions have not been answered by an office manager. How can you create a system to assign
conversations to different receptionists using Workspace? Create a Google Groups Collaborative Inbox. Use App Script to design a ticketing system that marks conversation ownership. Contract with a third-party solution, such as ServiceNow. Create Google Tasks and assign them to receptionists to address unanswered questions.
Question #54 Topic 1
The security team for your organization is concerned about phishing attacks against your end user base. What two actions should you take to
configure the strongest possible preventative measure against phishing attacks? (Choose two.) Train end users to mark messages as spam when they see something suspicious. Configure spoofing and authentication controls to warn end users about messages that are perceived as threats. Configure spoofing and authentication controls to quarantine messages that are perceived as threats. Enforce confidential mode for all messages sent and received from your Workspace domain. Force encryption on all inbound and outbound emails from your Workspace domain.
Question #55 Topic 1
Your organization recently bought 1,000 licenses for Cloud Identity Premium. The company’s development team created an application in the
enterprise service bus (ESB) that will read user data in the human resources information system (HRIS) and create accounts via the Google
Directory REST API.
While doing the original test before production use, the team observes a 503 error coming from Google API response after a few users are
created. The team believes the ESB is not the cause, because it can perform 100 requests per second without any problems. What advice would
you give the development team in order to avoid the issue? Use an exponential back-off algorithm to retry failed requests. Use the domain-wide delegation API to avoid the limitation per account. Use the batch request architecture, because it can pack 1,000 API calls in one HTTP request. Switch from REST API to gRPC protocol for performance improvement.
Question #56 Topic 1
A user does not follow their sign-in pattern and signs in from an unusual location. As an admin, what should you do in response to this alert for
this user during this investigation? Add Two Factor Authentication to the Domain First, suspend the account and then investigate Enhance your security alerts for tracking sign-in patterns Investigate the account for unauthorized activity in the Login and Security Audit Log.
Question #57 Topic 1
You want to create a list of IP addresses that are approved to send email to your domain. To accomplish this, what section of the Google
Workspace Admin console should you update? Bypass spam filter Content compliance rule Approved email denylist Email allowlist.
Question #58 Topic 1
Your organization wants to grant Google Vault access to an external regulatory authority. In an effort to comply with an investigation, the external
group needs the ability to view reports in Google Vault. What should you do? Create accounts for external users and assign Vault privileges. Share Vault access with external users. Assign an Archived User license to the external users. Temporarily assign the super admin role to the users.
Question #59 Topic 1
You are the administrator of a domain that requires iOS mobile device management. What initial steps should be taken to ensure that you can
properly manage end-user iOS devices? Follow the prompts under "company owned devices," and select "iOS Management." Select the option to "enforce management on iOS devices." Configure an Apple Push Certificate, and select "certificate never expires." Configure an Apple Push Certificate, and be sure to use a work address that can be accessed in the future. the Admin console, navigate to iOS management, and enable the Apple Push Certificate connector.
Question #60 Topic 1
Your organization is planning to remove any dependencies on Active Directory (AD) from all Cloud applications they are using. You are currently
using Google Cloud Directory Sync (GCDS) with on-premises AD as a source to provision user accounts in Google Workspace. Your organization is
also using a software-as-a-service (SaaS) human resources information system (HRIS) that offers integration via CSV export and Open API
standard.
Additional requirements for the solution include:
• It should not require a subscription to any additional third-party service.
• The process must be automated from beginning to end.
You are tasked with the design and implementation of a solution to address user provisioning with these requirements.
What solution should you implement? Set up Azure AD and federate on-premises AD with it. Provision user accounts from Azure AD with the Google-recommended process. Modify the GCDS configuration to use the HRIS application as the data source and complete any necessary adjustments. Export HRIS data to a CSV file every day, and build a solution to define the delta with the previous day; import the result as a CSV file via the Admin console. Build an application that will fetch updated data from the HRIS system via Open API, and then update Google Workspace with the Directory API accordingly.
Question #61 Topic 1
Multiple users across the organization are experiencing video degradation in Meet video calls. As an administrator, what steps should you take to
start troubleshooting? Troubleshoot network bandwidth for the organizer of the meeting. Push the Meet quality tool to end user devices and run local reports to determine connectivity issues. Locate the Meet quality tool, and review the output for issues with quality. Update the Admin Console Meet settings to disable streaming.
Question #62 Topic 1
As the Workspace Administrator, you have been asked to enable the help desk team to share incoming support requests from end users. The help
desk team has ten users who need to respond to support requests that are sent to a help desk email address. The users must be able to respond
by email and assign ownership of tickets. Finally, the help desk team is highly mobile and will need to manage help desk tickets from their mobile
devices. How would you provide this functionality for the help desk team? Configure a Google Group as a collaborative inbox, and assign the required Groups permissions to the help desk team members. Create a help desk Workspace mail account, and set the help desk team as mail delegates to the help desk account. Create the help desk group as a Q&A Group, and add the "Manager" role to the help desk team users. In Google Drive, create a help desk request form, and give the help desk team the ability to view the inbound requests.
Question #63 Topic 1
Your company is using Google Workspace Business Plus edition, and the security team has reported several unsuccessful attempts to sign in to
your Google Workspace domain from countries where you have no local employees. The affected accounts are from several executives in the
main office.
You are asked to take measures to mitigate this security risk. Although budget is not a concern, your company prefers a minimal financial outlay
to fix the issue, which you are tasked with managing. Which two solutions would help you mitigate the risk at minimal cost? (Choose two.) Deploy 2-Step Verification for all users who have security keys. Deploy Google Cloud Armor on a dedicated project, and create a rule to allow access to Google Workspace only from specific locations. Upgrade to Google Workspace Enterprise Plus for all accounts, and define Context-Aware Access levels to only a list of countries where the company has employees. Subscribe to Cloud Identity Premium for all accounts, and define Context-Aware Access levels to only a list of countries where the company has employees. For all executives, create new accounts with random characters to match Google best practices, migrate data from the former accounts, and then delete them.
Question #64 Topic 1
As a Google Workspace administrator for your organization, you are tasked with identifying how users are reporting their messages – whether
spam, not spam, or phishing – for a specific time period. How do you find this information? Open Admin Console > Security > Dashboard > User Reports. Open Admin Console > Security > Dashboard > Spam Filter- Phishing. Use Reports API to query user Gmail activity. Open Admin Console > Reporting > Email Log Search.
Question #65 Topic 1
The nature of your organization's business makes your users susceptible to malicious email attachments. How should you implement a scan of all
incoming email attachments? Configure a safety rule to protect against encrypted attachments from untrusted senders. Configure a safety rule to protect against attachments with scripts from untrusted senders. In the security sandbox section, enable virtual execution of attachments for the targeted OU. In the security sandbox section, enable virtual execution of attachments for the entire organization.
Question #66 Topic 1
You have enabled Automatic Room Replacement for your calendar resources, but it is not working for any instances of a conflict booking. What
could be the issue? Automatic Room Replacement does not work on recurring events. This feature requires calendar event owners to have the Buildings and resources administrator privilege. The calendar resources do not have the Resource Category configured as CONFERENCE_ROOM. The events have more than 20 attendees.
Question #67 Topic 1
A large enterprise that had a security breach is working with an external legal team to determine best practices for an investigation. Using Google
Vault, the security team is tasked with exporting data for review by the legal team. What steps should you take to securely share the data in
question? Determine the scope of the investigation, create a Matter and Holds in Google Vault, and share with the legal team. Immediately suspend the user's account, search for all the email messages in question, and forward to the legal team. Immediately suspend the user's account, assign an archived user license, and export data. Suspend the user's account, search all associated users data in Google Vault, and export the data.
Question #68 Topic 1
A user has reported that they did not receive an email from one of their normal correspondents. What information do you need to collect from the
user to investigate the cause of the issue? The email address of the sender and the subject and date/time of the missing message. The type of device the individual is using, including the OS version, browser, and browser version. The sender's domain so you can review their SPF and DKIM configuration. The sender's IP address, mail client, and mail platform.
Question #69 Topic 1
You are configuring a shared drive for the financial department of your organization. The financial team wants to allow members of the shared
drive to add, edit, and move documents into the shared drive. It's important that the same users cannot remove or delete files. How can you
configure access for these users to match the team's request? Set up the shared drive, and add the users as Content Managers of the drive. Set up the shared drive, and add the users as editors of the drive. Set up the shared drive, and add the users as Contributors of the drive. Set up the shared drive, and add the users as Managers of the drive.
Question #70 Topic 1
Your organization has decided to enforce 2-Step Verification for a subset of users. Some of these users are now locked out of their accounts
because they did not set up 2-Step Verification by the enforcement date. What corrective action should you take to allow the users to sign in
again? Disable 2-Step Verification per organizational unit so the affected users can sign in. Move the affected users into the exception group temporarily so they can set up 2-Step Verification, and then remove them from the exception group after successful sign-in is confirmed. Disable 2-Step Verification organization-wide so all users can successfully sign in. Move the affected users into the exception group permanently so they do not have to use 2-Step Verification going forward.
Question #71 Topic 1
Your company is using Google Workspace Enterprise Standard. They have 200 meeting rooms defined for the main building and used daily by the
12,000 employees. Users are complaining they have difficulties finding a room available when searching within Google Calendar, even if several
rooms are available (no one attending meetings in these rooms at that time). You have been asked to find a solution while minimizing the
operational effort and avoiding any new expenses due to budget constraints. What should you do? Implement a third-party solution that will detect presence in the room and release it if nobody appears after a few minutes. Create a Google App Script that will inspect each room calendar for the next 12 hours, check attendees status, and send the room
administrator an alert email for releasing the room if all attendees have declined but the room has not. Set the option "Allow calendar-based room release" for all targeted rooms. Upgrade to Google Workspace Enterprise Plus edition to benefit from additional features for automated machine learning (ML) based resources management.
Question #72 Topic 1
Your company has just acquired a new group of users. They have been provisioned into the Google Workspace environment with your primary
domain as their primary email address. These new users still need to receive emails from their previous domain. What is the best way to achieve
this for these new users, without updating the information of preexisting users? Add the acquired domain as an alias to the primary Google Workspace domain. Add the acquired domain as a secondary domain to the primary Google Workspace domain, and then update the email information of all new users with alias emails. Update the Google-provided test domain to be the domain of the acquired company, and then update the email information of all new users with alias emails. Without adding a domain, update each user's email information with the previous domain.
Question #73 Topic 1
The application development team requests that a new, internal, domain-owned Google Workspace app be allowed to access Google Drive APIs.
You are currently restricting access to all APIs using an approved allowlist, per security policy. You need to grant access for this app. What should
you do? Enable all API access for Google Drive. Enable the "trust domain owned apps" setting. Add OAuth Client ID to the Google Drive Trusted List. Allowlist the app in the Google Workspace Marketplace.
Question #74 Topic 1
An administrator accidentally deleted several Workspace user accounts from the Google Admin Console two weeks ago. How can you recover the
deleted user accounts? Open a Google support ticket, and request a recovery of all recently deleted users. Sign in to the Admin console as Help Desk Admin, open user management, filter for "recently deleted," and recover. Sign in to the Admin console as Super Admin, open user management, filter for "recently deleted," and recover. Create a matter, go to legal hold, and create a legal hold for the user accounts.
Question #75 Topic 1
You need to protect your users from untrusted senders sending encrypted attachments via email. You must ensure that these messages are not
delivered to users' mailboxes. What step should be taken? Use the security center to remove the messages from users' mailboxes. Use Google Vault to remove these messages from users' mailboxes. Enable a safety rule to send these types of messages to spam. Enable a safety rule to send these types of messages to a quarantine.
Question #76 Topic 1
Your organization uses a third-party product to filter mail before it arrives at your Workspace Domain. How should you configure Gmail to ensure
that inbound messages are not seen as a spam attack due to the volume of mail being received from this product? Add the product's IP addresses as an approved sender. Allowlist the IP addresses of the third-party filtering product. Add the product's IP addresses to your organization's SPF record. List the IP addresses of the product as an Inbound Gateway.
Question #77 Topic 1
Your organization is in the process of deploying Google Drive for desktop so that your users can access Drive files directly from their desktops.
For security reasons, you want to restrict Drive for desktop to only company-owned devices. What two steps should you take from the admin panel
to restrict Drive for desktop to only company-owned devices? (Choose two.) Create a company-owned device inventory using an asset tag. Devices > Endpoints > Add a filter > Management Type > Drive for desktop > Apply Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop > Only Allow Google Drive for desktop on authorized devices Install the Google Endpoint Verification extension on machines using Drive for Desktop. Create a company-owned device inventory using serial numbers of devices.
Question #78 Topic 1
The human resources (HR) team needs a centralized place to share key documents with the entire organization while protecting confidential
documents and mitigating the risk of losing documents when someone leaves. These documents must be editable by the HR team members.
What is the best way to set this up? Have the HR lead create a folder in their MyDrive for the non-confidential files, give edit access to the HR team, and give view access to the organization. Create a shared drive for the non-confidential files, give the HR team manager access, and give contributor access to the entire organization. Create a shared drive for non-confidential files, give the HR team content manager access, and give view access to the organization. Create a shared drive for all files, give the HR team content manager access, and give view access to the organization.
Question #79 Topic 1
Your organization implemented Single Sign-On (SSO) for the multiple cloud-based services it uses. During authentication, one service indicates
that access to the SSO provider is not possible due to invalid information. What should you do? Update the validation certificate. Verify that the Audience element in the SAML Response matches the assertion consumer service (ACS) URL. Run nslookup to confirm that the service exists. Ensure that Microsoft's Active Directory Federation Services 2.0 sends encrypted SAML Responses in default configurations.
Question #80 Topic 1
You have configured SSO using a third-party IDP with your Google Workspace domain. An end user has reported that they cannot sign in to Google
Workspace after their username was changed in the third-party SSO product. They can sign in to their other internal applications that use SSO, and
no other users are experiencing issues signing in. What could be causing the sign-in issue? The SAML assertion provided by the third-party IDP is presenting a username that conflicts with the current username configured in Google Workspace. The user's Google password was changed administratively, which is causing a sign-in failure. The issued certificate for that user has been revoked and must be updated before the user can have another successful sign in. The SAML assertion is providing the user's previous password attached to their old username.
Question #81 Topic 1
You have configured Secure Transport (TLS) Compliance for all messages coming to and from an external domain, altostrat.com, that your end
users communicate with via Gmail. What will your end users experience when messages are delivered to them from altostrat.com without TLS
enabled? The message will be delivered to their spam folder. The message will not be delivered to the end user in any form. The user will receive a failure message informing them that the message could not be delivered to their inbox and that they will need to work with their Workspace administrator to resolve the issue. A warning banner will appear on the message informing the user that the message was not sent securely.
Question #82 Topic 1
Four weeks ago, you exported data from Google Vault and emailed the PST export file to your legal admin. They accidentally deleted the PST file
and need it sent again. What steps should you take to re-send the PST file to the legal admin? Return to the Google Vault export page, and download the ZIP file again. Return to the Email Log Search page, and download the PST file again. Ask the legal admin to return to Google Vault to download the PST file again. Repeat the original search for the original timeframe, and export the data again.
Question #83 Topic 1
Your admin quarantine is becoming a burden to manage due to a consistently high influx of messages that match the content compliance rule.
Your security team will not allow you to remove or relax this rule, and as a result, you need assistance processing the messages in the quarantine.
What is the first step you should take to enable others to help manage the quarantine, while maintaining security? Give the users super admin rights to view the admin quarantine. Give the users Services > Gmail > Access Admin Quarantine admin privileges. Configure the admin quarantine to allow end users to release messages. Give the users Services > Security Center admin privileges.
Question #84 Topic 1
Your organization is expected to start using Google Workspace Enterprise Standard in several countries. During the planning phase, the change
management leadership team mandates that meeting rooms near each participant's office location should be suggested when someone creates a
Google Calendar event, to simplify the user experience and avoid booking rooms when people would not be able to move easily. What should you
do? Organize users for each location in separate organizational units (OUs). Add room resources to the corresponding OUs so that meeting rooms would be suggested accordingly. Organize users for each location in separate Google Groups. Add room resources to the corresponding groups so that meeting rooms would be suggested accordingly. Share each room only with the Dynamic Group defined per each user location so that they can only book the rooms nearby. Define users' work locations by setting building ID, floor name, and floor section if applicable as the buildings and rooms are defined.
Question #85 Topic 1
Your company is using macOS devices for all employees and has built a process to allow a Google account to be used as credentials for the
device. Your company wants to manage newly acquired Windows 10 devices with Google Workspace endpoint management and have employees
use their Google Workspace account as login credentials for Windows 10. Which steps should you take to enable this? (Choose two.) Install and configure Google Credential Provider for Windows (GCPW) on each device. Sync the Google Accounts and password to AD via Google Cloud Directory Sync V1 (GCDS). Install and configure Password Sync on each Active Directory (AD) domain controller. Configure Chrome policies on Windows to push advanced device management policies. Enable Windows device management in Devices > Mobile & endpoints > Settings > Windows setting.
Question #86 Topic 1
Several users in your organization reported an issue with receiving emails from one particular external sender. You want to troubleshoot the issue
and determine whether Google received these emails. What should you do? Update your MX records to make sure they point to Google mail servers. Search for missing email messages by using email Log Search (ELS), and determine why messages weren't delivered. Check if your Google Workspace domain registration expired. Open a support ticket with Google Workspace Support.
Question #87 Topic 1
Your organization has confidential internal content for which only authorized employees are allowed to access. Access to this content is managed
by using Google Groups. Only administrators can create and manage membership. You need to provide only the necessary functionality and follow
the principle of least privilege. What should you do? Make a moderated group so all incoming communications can be monitored. Make a security group to apply access policies. Make a dynamic group so security team members are automatically added. Use a group as a collaborative inbox that allows easier sharing.
Question #88 Topic 1
An employee at your organization is having trouble playing a video stored in Google Drive that is embedded in their Google Slides presentation.
You need to collect the necessary details to troubleshoot the issue. What should you do? Check the Google Drive audit logs for any error entries on the Slides presentation. Check the help center for the appropriate error message. Instruct the employee to give you edit access to the presentation to review the revision history. See if the error message changes when you delete and add the slides back. Create a copy of the presentation to see if you can replicate the problem, and document any errors you see. Confirm that the source video is in a supported format and resolution and that the user has permission to play the video. Have a screen share session to confirm the behavior.
Question #89 Topic 1
An employee at your organization is resigning. They are in charge of organizing and maintaining recurring team events. You want to preserve the
existing meetings and transfer ownership to the resigning employee's manager. What should you do? Transfer both the events and the resources owned by the resigning employee to their manager by using the Admin console. Delete the existing calendar events and instruct the manager to create new events as the owner. Assign an Archived User (AU) license for the resigning employee. Instruct the resigning employee to share free/busy details for their calendar with their manager.
Question #90 Topic 1
A team of field technicians at your organization has been misusing their corporate email account. You need to enforce the corporate policy that
prohibits the field technicians from sending emails externally. What should you do? Place the field technicians in a separate organizational unit (OU) and disable the Gmail mobile app. Disable automatic forwarding for all field technicians. Place the Field Technicians in a Group. Create and apply a domain wide ‘Reject message’ rule to the entire group. Create a routing rule by using the Reject message option for the organization's domain, and apply the rule to the field technician organizational unit (OU).
Question #91 Topic 1
An employee in your organization is reporting that they cannot access a non-Google file in the Google Drive web interface even though other
documents in Google Drive are working. You want to identify why they can't access the file and fix the problem. What should you do? (Choose
two.) Instruct the employee to make a copy of the document by using the Google Drive user interface, then work from the copy. Reset the sign-in cookies of the employee. Instruct the employee to check the size of the document and divide the information into smaller parts if it is close to the limit. Disable Context-Aware Access policies. Instruct the employee to clear the browser cache.
Question #92 Topic 1
In the years before your organization moved to Google Workspace, it was relatively common practice for users to create unmanaged Google
Accounts with their corporate email address (for example, to monitor Analytics, manage AdSense, and collaborate in Docs with other partners
who were on Google Workspace).
How do we provision users who previously owned unmanaged Google Accounts without having to lose access to their data? Provision former user accounts with Cloud Identity licenses, generate a new Google password, and place them in an OU with all Google Workspace and other Google services disabled. Contact Google Enterprise Support to provide a list of all accounts on your domains that access Google services outside Workspace, and have them converted to managed accounts. Use the Transfer Tool for Unmanaged Accounts to send requests to the former users to transfer their account to your domain as a managed account. Provide a list of all active employees to the managers of your company's Analytics, AdSense, etc. accounts.
Question #93 Topic 1
You work for a small company and are creating new Workspace accounts for 100 temporary users. These temporary users do not currently have
any user accounts in your LDAP directory. Also, you want to add a work address to each users’ account. You want to do this task quickly and
efficiently. What should you do? Write and deploy a server-side script by using the Admin SDK Directory API. Ensure that the account information is properly added into the CSV file created from the downloaded template. Upload the file in the Admin console by using the Bulk update users process. Manually create each new user account in the Admin console. Then add the work address to each new user. Sync the new accounts by using the Google Cloud Directory Sync (GCDS) server.
Question #94 Topic 1
Your organization has hired a recruiting firm that is responsible for reviewing resumes and job descriptions of prospective summer interns.
Employees at your organization need to collaborate with the external firm on these documents. You must set permissions and ensure the
recruiting firm employees can't remove the files. What should you do? Create a Google Group, add the HR team, and create a shared folder for content storage and editing. Create a Shared Drive and grant Contributor access to the HR team. Enable client-side encryption for the organizational unit (OU) for which the HR team are members. Create a Shared Drive and grant Content Manager access to the HR team.
Question #95 Topic 1
You work for a small organization and are planning to deploy an upcoming Google Workspace feature. You want users to have access to the
feature as soon as possible. What should you do? Confirm that your organization is set to the rapid release option to ensure that your users receive new features when Google releases them. Do nothing. No extra configuration is needed as all Workspace customers receive new features at the same time. Confirm that your organization is set to the scheduled release option to ensure that your users receive new features when Google releases
them. Enable the new feature in a Workspace Sandbox organization, and roll out to users only after testing.
Question #96 Topic 1
You work at a financial institution with strict security requirements. You have been asked by the head of IT security to enforce the policy that
allows access to Google Workspace services only from devices that are within the company's network. What should you do? Ask everyone to use Chromebooks in your organization and deploy network certificates. Enable context-aware access (CAA) for all employees, and add the location as a context condition. Enable context-aware access (CAA) for all employees, and add the IP subnet as a context condition. Enable client-side encryption (CSE) for all employees.
Question #97 Topic 1
You work for an international organization and your CEO frequently travels to other countries. You need to enable email access and configure the
account for multiple administrative assistants. What should you do? Provide the executive administrative assistants with the account password of the CEO. Enable users to specify what sender information is included in delegated messages sent from their account. Create a group of administrative assistants. Enable delegated access to the mailbox of the CEO for that group. Log into the Gmail account of the CEO. Set up and share two separate email aliases.
Question #98 Topic 1
Your team uses Google Drive for collaborating with external companies and partners. A sensitive project with an external organization is about to
begin. You are creating the new labels for the project. You must ensure that all labeled documents have the label visible to everyone who has
access to the project files. What should you do? Create Drive labels and a separate Shared Drive for the project. Create Drive labels and add the users from the external organization to your domain. Create Drive labels and add the permissions for all users in the project, including the external users, to view these labels. Create Drive labels and apply data protection rules to all project file.
Question #99 Topic 1
Your executive team has asked you to export all available data for 1,200 of your 1,500 Google Workspace Domain users. How should you proceed
to export the data with the least amount of effort? Perform a search in Google Vault for the 500 users and export all of the results. Create a shared drive for the exports. Instruct end users to manually use Google Takeout to export the data and place the exported files in the shared drive. Contact Google Cloud support to perform the export for you. Contact Google Cloud Support to enable the Data Export tool for your organization, because you have more than 1,000 users, then use the tool to export data for the domain, and remove any unnecessary user data.
Question #100 Topic 1
Your organization is engaging with an external marketing vendor on a new promotion. The vendor's employees need access to internal
documents. Some employees do not have Google consumer or Workspace accounts. You need to securely enable sharing with these external
collaborators. What should you do? Enable external sharing for the specific child organizational units or configuration groups. Enable visitor sharing for the Google Workspace domain. Create a trust rule for a shared drive to allow sharing with the external vendor. Add the external domain of the vendor to the allowlist.
Question #101 Topic 1
Samantha, an employee from your engineering department, has submitted a help desk ticket. She is unable to share a Google Doc file with Jason,
her coworker in the marketing department. However, Samantha is able to share the same file with her colleagues in the engineering department.
You must troubleshoot the issue. What should you do? Confirm if a trust rule is preventing sharing with Jason or someone that belongs to the marketing department. Verify that Samantha's Drive sharing settings in the Admin console allow sharing content outside her organization. Confirm if there is a data protection rule that is preventing the sharing of this particular Google Doc. Instruct Samantha to export a PDF copy of the document and email it to Jason.
|
