As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted?
AIn the GCDS configuration manager, update the group deletion policy setting to “don't delete Google groups not found in LDAP.”
BUse the Directory API to check and update the group’s membership after the GCDS sync is completed.
CConfirm that the base DN for the group email address attribute matches the base DN for the user email address attribute.
DIn the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to “delete only active Google domain users not found in LDAP.”
Your organization recently had a sophisticated malware attack that was propagated through embedded macros in email attachments. As a Workspace administrator, you want to provide an additional layer of anti-malware protection over the conventional malware protection that is built into Gmail. What should you do to protect your users from future unknown malware in email attachments?
ARun queries in Security Investigation Tool.
BTurn on advanced phishing and malware protection.
CEnable Security Sandbox.
DEnable Gmail confidential mode.
Your organization is engaging with an external marketing vendor on a new promotion. The vendor's employees need access to internal documents. Some employees do not have Google consumer or Workspace accounts. You need to securely enable sharing with these external collaborators. What should you do?
AEnable external sharing for the specific child organizational units or configuration groups.
BEnable visitor sharing for the Google Workspace domain.
CCreate a trust rule for a shared drive to allow sharing with the external vendor.
DAdd the external domain of the vendor to the allowlist.
Samantha, an employee from your engineering department, has submitted a help desk ticket. She is unable to share a Google Doc file with Jason, her coworker in the marketing department. However, Samantha is able to share the same file with her colleagues in the engineering department. You must troubleshoot the issue. What should you do?
AConfirm if a trust rule is preventing sharing with Jason or someone that belongs to the marketing department.
BVerify that Samantha's Drive sharing settings in the Admin console allow sharing content outside her organization.
CConfirm if there is a data protection rule that is preventing the sharing of this particular Google Doc.
DInstruct Samantha to export a PDF copy of the document and email it to Jason.
Your organization has been using Google Workspace for almost a year, and your annual security and risk assessment initiative is approaching. In preparation for the risk assessment, you want to quickly review all the security-related settings for Gmail, Drive, and Calendar, and identify the ones that may be posing risk. What should you do?
AReview all the alerts in the Alert center.
BReview the Security health page in the Admin console.
CReview all settings for each organizational unit (OU) separately because it is the only way to see the security settings for Workspace apps.
DReview the Gmail, Drive, and Calendar reports in the Reporting section in the Admin console.
Your organization has a data loss prevention (DLP) rule to detect and warn users about external sharing of sensitive files in Google Drive. You also want to prevent external users from downloading files with viewer permissions to their local machines. What should you do?
ADo nothing. View-only Drive files automatically prevent the user from downloading the files.
BModify the existing DLP rule to Disable download, print, and copy for commenters and viewers.
CCreate a new DLP rule by using the existing content detector conditions, but change the action for the new rule to Disable download, print, and copy for commenters and viewers.
DCreate a new DLP rule and set the scope to the organizational unit or group that you want to restrict.
You work for an organization that is headquartered in Washington DC. You want to reliably send email announcements to all employees in the area and update membership automatically. What should you do?
ACreate a Dynamic Group by using the location condition to keep the distribution list automatically updated based on the employees’ work locations.
BCreate a Security Group and apply the Location label to allow employees to join based on the specified location.
CCreate a Google Group and add all employees in the Washington DC work location.
DCreate a Google Group and set permissions to invite employees to join the group.
Your organization is working on a confidential project with details that cannot be shared through email with anyone outside your organization. You want to add controls in Gmail that prevent any mention of the project from being sent by employees. Only the CEO and the CFO can send information about the project over email and without a delay. What should you do?
AConfigure the Gmail Restrict delivery setting, and add an allowlist with all domains that your employees are allowed to send emails to. Include the CEO and CFO email addresses to the allowlist.
BConfigure a Gmail Content compliance rule for outbound email that quarantines all email mentioning the project. Bypass the rule by using the address list with the CEO and CFO email addresses.
CConfigure a Gmail Content compliance rule for outbound email that quarantines all email mentioning the project. Manually review all quarantined emails and choose to deliver the ones sent by the CEO and CFO.
DConfigure the Gmail Restrict delivery setting for all outgoing messages, except the internal emails. Add the CEO and CFO email addresses to the allowlist.
Users at your organization are reporting issues with Google Voice including disconnected calls and overall connection issues. You want to identify whether these issues affect just your organization or whether it's a global Google issue. What should you do?
AUse the Security Investigation Tool with Voice Log Events as the data source field. In the search operator fields, select Event, is, and Network Statistics (client). Analyze the packet loss.
BVerify if there is a service outage for Google Voice reported on the Google Workspace Status Dashboard.
CUse the Security Investigation Tool with User Log Events as the data source field. In the search operator fields, select Event, is, and Call failed. Analyze the packet loss.
DVerify if there is a service interruption for Google Voice reported on the Google Workspace Updates Blog website.
You have enrolled a new Google Meet hardware device for an existing conference room in your building. Your users report that the new hardware in the conference does not show the expected calendar events. You need to investigate and fix the problem. What should you do?
AMake sure that the conference room resource calendar has been created and that the Meet Hardware is associated with that resource.
BCreate a brand new resource calendar and associate the Meet Hardware with that new resource.
CUse the Meet Quality Tool in the control panel to search for the newly installed Meet Hardware.
DMake sure the Access permissions for the resource calendar is set to “See all event details”.
You work at a large global holding firm with multiple companies that are united under one Google Workspace deployment. You must ensure that employees can only access documents at the company in which they are employed. What should you do?
ACreate a User group for each company and change Google Drive sharing settings to block external sharing.
BCreate an organizational unit (OU) for each company and disable file sharing.
CSet up data loss prevention (DLP) rules to prevent specific documents from being shared.
DSet up Google Drive trust rules to prevent access to documents from individual companies.
An employee at your organization is experiencing video call issues in Google Meet, and they were unable to resolve the issues by themselves. You need to troubleshoot the issue. What should you do first?
AView the Meet quality report of the employee.
BAsk your network administrator to add the dedicated Meet IP address range for your users.
CRestart the device of the employee.
DCheck the Meet settings of the employee.
Your organization's information security team has asked you to determine and remediate if a user (user1@example.com) has shared any sensitive documents outside of your organization. How would you audit access to documents that the user shared inappropriately?
AOpen Security Investigation Tool-> Drive Log Events. Add two conditions: Visibility Is External, and Actor Is user1@example.com.
BHave the super administrator use the Security API to audit Drive access.
CAs a super administrator, change the access on externally shared Drive files manually under user1@example.com.
DOpen Security Dashboard-> File Exposure Report-> Export to Sheet, and filter for user1@example.com.
Your organization is migrating to Google Workspace and wants to improve how newly created files are classified. You must find a scalable solution to improve security and transparency on how to handle sensitive files. What should you do?
ASet data loss prevention (DLP) policies to label data automatically, disable label locking, and educate users.
BCreate classification labels, enable automatic classification, and educate users.
CMigrate data to Google Workspace, map classifications, and migrate with the Drive Labels API.
DIntegrate with the Cloud DLP API, map identifiers and classifications, install the Google Drive label client, and run the application.
The Google Analytics service is set to OFF for your entire organization. All users in the marketing team OU and a subset of users in the sales OU need access to Analytics. The rest of the organization should not have access. You must configure access in Additional Google services. What should you do?
AEnable Google Analytics at the top of the OU structure.
BEnable Google Analytics for the marketing and sales OUs. Create a group to deny access to Google Analytics and assign it to the sales users who should not have access.
CEnable Google Analytics for the marketing OU. Create a sub-OU for the sales users under the marketing OU.
DEnable Google Analytics for the marketing OU. Create a group from the Admin console that includes the sales users, and set Google Analytics to On for that group.
Your organization has a strict requirement that your temporary employees can only send emails to and receive emails from specific external domains. You must define a policy in Google Workspace that meets this requirement for users in the temporary employee organizational unit (OU). What should you do?
ACreate a policy in Gmail settings that rewrites the recipient for outbound messages and quarantines incoming messages to review before delivery.
BAdd the allowed domains when configuring the restrict delivery setting in Gmail settings, and select the box to bypass for internal emails.
CRestrict sending and receiving to Google Groups, and carefully curate the temporary employees' memberships.
DConfigure the restrict delivery setting to limit domains that the temporary employees can communicate with. Allow Google Docs sharing notifications.
Your default Vault retention policy for Gmail is set to 365 days. Your legal department has just informed you that emails sent and received by the customer support department are sensitive, and must be retained for only 30 days. You must enforce this new retention policy in the simplest way. What should you do?
AChange the current default retention policy in Vault for Gmail to 30 days, and apply it to the customer support organizational unit (OU). Configure a custom retention policy for Gmail for 365 days for your domain.
BCreate two custom retention policies in Vault: one for 30 days that is applied to the customer support organizational unit (OU), and one for 365 days that is applied to all other OUs in your directory.
CChange the current default retention policy for Gmail to 30 days. Configure two custom retention policies in Vault: one for 30 days that is applied to the customer support organizational unit (OU), and one for 365 days that is applied to all other OUs in your directory.
DCreate a custom retention policy in Vault for Gmail for 30 days, and apply it to the customer support organizational unit (OU).
Your organization is moving from a legacy mail system to Google Workspace. This move will happen in phases. During the first phase, some of the users in the domain are set up to use a different identity provider (IdP) for logging in. You need to set up multiple IdPs for various users. What should you do?
AEnable single sign-on (SSO) with third-party identity providers and exclude the users who are using a different provider.
BEnable single sign-on (SSO) with Cloud Identity, and use Cloud Directory Sync to manage multiple identity providers.
CCreate Security Assertion Markup Language (SAML) based single sign-on (SSO) profiles and assign them to specific organizational units or groups of users.
DNothing. Google uses cookies to establish a user's relationship to a device. This will cover multiple identity providers.
By using Account Activity reports, you have flagged several users who are uploading large files. You want to ensure you don't run out of pooled storage and you want to stop the abuse. What should you do first?
AEmail flagged users with a warning of possible abuse.
BUse the Security Investigation Tool to set alerts on the flagged users.
CWarn the flagged users, and purchase more pooled storage to avoid hitting storage quotas.
DPlace the flagged users in a configuration group and set storage limits for the group.
The helpdesk at your organization reports that many users in multiple locations are not able to access Gmail, but can access other Workspace services. You must troubleshoot the issue. What should you do first?
AOpen a ticket with Google Support listing the affected users.
BCheck the Google Workspace status dashboard to see whether there is a disruption in Gmail service availability.
CCheck the Google Workspace release calendar to ensure there's not a Gmail upgrade scheduled.
DCheck network connectivity of the affected users.
An employee has been leaking confidential salary information to an external party. You must use Vault to preserve the messages for an investigation. What should you do?
ACreate a matter and add a hold on the employee's email.
BUse the security investigation tool to find the messages. Create a hold to preserve the messages.
CCreate a custom retention policy. Use the audit feature to view captured email logs.
DUse the search and export features to find all the messages sent externally.
The compliance team at your organization is conducting a legal investigation into some concerning sales activities of an employee eight months ago. The compliance team contacted you for assistance on the situation. You set up the default Google Vault retention rules so all data is retained only for one year. You must assist the compliance team with the investigation. What should you do?
ADo nothing. The retention period has already ended and the evidence has already been purged.
BSuspend the employee and export all data by using Google Takeout.
CAssign the compliance team a Google Vault administrator role and create a legal hold for the employee.
DAssign the compliance team a Google Vault administrator role and change the default retention rules to three years.
Your team is collaborating on a new project by using a Google Doc. They are using Doc comments to add numerous questions and suggestions. You want to ensure that sensitive data in the Doc comments does not appear in the recipients’ inboxes when a user is notified that a comment has been assigned to them. What should you do?
ASet up an email quarantine to quarantine all incoming emails that contain sensitive data.
BDisable comments in the Google Doc for your users.
CCreate a Gmail content compliance rule and turn off dynamic email for your team.
DCreate a Gmail content compliance rule to block incoming messages that contain sensitive data.
A user is reporting that external, inbound messages from known senders are repeatedly being incorrectly classified as spam. What steps should the admin take to prevent this behavior in the future?
AModify the SPF record for your internal domain to include the IPs of the external user's mail servers.
BUpdate the spam settings in the Admin Console to be less aggressive.
CAdd the sender's domain to an allowlist via approved senders in the Admin Console.
DInstruct the user to add the senders to their contacts.
Your organization was recently targeted by a phishing attempt that affected several users. You must efficiently determine the full extent of the phishing attempt and prevent further issues from occurring. What should you do?
A
Search BigQuery logs for all messages marked as phishing.
Require Transport Layer Security (TLS) for all email communications.
Instruct all users to reset their passwords.
B
Use email log search to pull all emails for the past three days.
Analyze logs of common emails received and contact users.
Instruct users on how to create a Gmail filter to block malicious email addresses.
C
Use the security dashboard to view the number of messages showing evidence of potential spoofing, and then use the investigation tool on affected users to remove malicious email.
Enable advanced phishing and malware protection.
Deploy Google's Password Alert extension for Chrome.
D
Collect phishing samples forwarded from users.
Add IP addresses and email addresses to your denylist.
Enroll only affected users to multi-factor authentication (MFA).