1000 Flashcards
(50 cards)
Your organization has been using Google Workspace for almost a year, and your annual security and risk assessment initiative is approaching. In preparation for the risk assessment, you want to quickly review all the security-related settings for Gmail, Drive, and Calendar, and identify the ones that may be posing risk. What should you do?
A. Review all the alerts in the Alert center.
B. Review the Security health page in the Admin console.
C. Review all settings for each organizational unit (OU) separately because it is the only way to see the security settings for Workspace apps.
D. Review the Gmail, Drive, and Calendar reports in the Reporting section in the Admin console.
B. Review the Security health page in the Admin console.
Employees at your organization can log into any third party applications they need for work-related reasons by using their Google Workspace sign-in. Your organization’s security team has asked you to present a list of applications that have access to the data in your Google Workspace domain. What should you do?
A. Download a list of external apps from the Manage Google login access section within the app access control page.
B. Download a list from the Accessed apps section of the app access control page.
C. Download a list of external apps from the Settings page within the app access control page.
D. Download a list from the Google Services section of the app access control page.
B. Download a list from the Accessed apps section of the app access control page.
Your organization has a group of users who interact with sensitive information and their accounts contain valuable files. You need to protect these users from targeted online attacks. What should you do?
A. Enable 2-Step Verification for those users and recommend they use Google Authenticator.
B. Enable 2-Step Verification for those users and recommend they use SMS codes.
C. Disable password recovery for end users.
D. Enroll all accounts for those users in the Advanced Protection Program.
D. Enroll all accounts for those users in the Advanced Protection Program.
An employee at your organization is experiencing video call issues in Google Meet, and they were unable to resolve the issues by themselves. You need to troubleshoot the issue. What should you do first?
A. View the Meet quality report of the employee.
B. Ask your network administrator to add the dedicated Meet IP address range for your users.
C. Restart the device of the employee.
D. Check the Meet settings of the employee.
A. View the Meet quality report of the employee.
Your organization is moving from a legacy mail system to Google Workspace. This move will happen in phases. During the first phase, some of the users in the domain are set up to use a different identity provider (IdP) for logging in. You need to set up multiple IdPs for various users. What should you do?
A. Enable single sign-on (SSO) with third-party identity providers and exclude the users who are using a different provider.
B. Enable single sign-on (SSO) with Cloud Identity, and use Cloud Directory Sync to manage multiple identity providers.
C. Create Security Assertion Markup Language (SAML) based single sign-on (SSO) profiles and assign them to specific organizational units or groups of users.
D. Nothing. Google uses cookies to establish a user’s relationship to a device. This will cover multiple identity providers.
C. Create Security Assertion Markup Language (SAML) based single sign-on (SSO) profiles and assign them to specific organizational units or groups of users.
Your organization has users in the United States and Europe. For compliance reasons, you want to ensure that user data is always stored in the region where the user is located. What should you do?
A. Create two Google Groups titled “United States” and “Europe.” Assign users to either group based on location.
B. Specify a data region policy for each Organizational Unit (OU) where users are grouped by location.
C. Populate the Address field on each user record, ensuring the country information is accurate.
D. Do nothing. No extra configuration is needed because user data is always stored in the region the user is located.
B. Specify a data region policy for each Organizational Unit (OU) where users are grouped by location.
You work at a large global holding firm with multiple companies that are united under one Google Workspace deployment. You must ensure that employees can only access documents at the company in which they are employed. What should you do?
A. Create a User group for each company and change Google Drive sharing settings to block external sharing.
B. Create an organizational unit (OU) for each company and disable file sharing.
C. Set up data loss prevention (DLP) rules to prevent specific documents from being shared.
D. Set up Google Drive trust rules to prevent access to documents from individual companies.
D. Set up Google Drive trust rules to prevent access to documents from individual companies.
Your default Vault retention policy for Gmail is set to 365 days. Your legal department has just informed you that emails sent and received by the customer support department are sensitive, and must be retained for only 30 days. You must enforce this new retention policy in the simplest way. What should you do?
A. Change the current default retention policy in Vault for Gmail to 30 days, and apply it to the customer support organizational unit (OU). Configure a custom retention policy for Gmail for 365 days for your domain.
B. Create two custom retention policies in Vault: one for 30 days that is applied to the customer support organizational unit (OU), and one for 365 days that is applied to all other OUs in your directory.
C. Change the current default retention policy for Gmail to 30 days. Configure two custom retention policies in Vault: one for 30 days that is applied to the customer support organizational unit (OU), and one for 365 days that is applied to all other OUs in your directory.
D. Create a custom retention policy in Vault for Gmail for 30 days, and apply it to the customer support organizational unit (OU).
D. Create a custom retention policy in Vault for Gmail for 30 days, and apply it to the customer support organizational unit (OU).
Employees at your organization frequently and mistakenly delete important emails that they receive from your payroll department. The employees have to file support tickets for the IT team to find and restore these emails. You must provide an automated solution that minimizes IT overhead and prevents these emails from being permanently deleted from their inboxes. What should you do?
A. Create a content compliance rule that targets internal messages. Use an advanced content match for the sender header to match the payroll department’s email. Quarantine the message so that administrators can review the email before they release it to the user.
B. Create an Apps Script project that uses the Gmail API to find any recently deleted emails and automatically restore them to the inboxes. Set the script trigger to be time-driven and run every hour.
C. Create a content compliance rule that targets all internal messages that are sent from the payroll department. Modify the message by prepending a custom subject line to all payroll emails so that employees know not to delete them.
D. Create an activity rule by using Gmail log events with two conditions: one for the event of an email deletion and another that matches the header address to the payroll department’s email. Create an action that restores messages. Set the rule to run every hour.
D. Create an activity rule by using Gmail log events with two conditions: one for the event of an email deletion and another that matches the header address to the payroll department’s email. Create an action that restores messages. Set the rule to run every hour.
Your organization is migrating to Google Workspace and wants to improve how newly created files are classified. You must find a scalable solution to improve security and transparency on how to handle sensitive files. What should you do?
A. Set data loss prevention (DLP) policies to label data automatically, disable label locking, and educate users.
B. Create classification labels, enable automatic classification, and educate users.
C. Migrate data to Google Workspace, map classifications, and migrate with the Drive Labels API.
D. Integrate with the Cloud DLP API, map identifiers and classifications, install the Google Drive label client, and run the application.
B. Create classification labels, enable automatic classification, and educate users.
You have enrolled a new Google Meet hardware device for an existing conference room in your building. Your users report that the new hardware in the conference does not show the expected calendar events. You need to investigate and fix the problem. What should you do?
A. Make sure that the conference room resource calendar has been created and that the Meet Hardware is associated with that resource.
B. Create a brand new resource calendar and associate the Meet Hardware with that new resource.
C. Use the Meet Quality Tool in the control panel to search for the newly installed Meet Hardware.
D. Make sure the Access permissions for the resource calendar is set to “See all event details”.
A. Make sure that the conference room resource calendar has been created and that the Meet Hardware is associated with that resource.
Users at your organization are reporting issues with Google Voice including disconnected calls and overall connection issues. You want to identify whether these issues affect just your organization or whether it’s a global Google issue. What should you do?
A. Use the Security Investigation Tool with Voice Log Events as the data source field. In the search operator fields, select Event, is, and Network Statistics (client). Analyze the packet loss.
B. Verify if there is a service outage for Google Voice reported on the Google Workspace Status Dashboard.
C. Use the Security Investigation Tool with User Log Events as the data source field. In the search operator fields, select Event, is, and Call failed. Analyze the packet loss.
D. Verify if there is a service interruption for Google Voice reported on the Google Workspace Updates Blog website.
B. Verify if there is a service outage for Google Voice reported on the Google Workspace Status Dashboard.
You work for an organization that is headquartered in Washington DC. You want to reliably send email announcements to all employees in the area and update membership automatically. What should you do?
A. Create a Dynamic Group by using the location condition to keep the distribution list automatically updated based on the employees’ work locations.
B. Create a Security Group and apply the Location label to allow employees to join based on the specified location.
C. Create a Google Group and add all employees in the Washington DC work location.
D. Create a Google Group and set permissions to invite employees to join the group.
A. Create a Dynamic Group by using the location condition to keep the distribution list automatically updated based on the employees’ work locations.
Your organization has a data loss prevention (DLP) rule to detect and warn users about external sharing of sensitive files in Google Drive. You also want to prevent external users from downloading files with viewer permissions to their local machines. What should you do?
A. Do nothing. View-only Drive files automatically prevent the user from downloading the files.
B. Modify the existing DLP rule to Disable download, print, and copy for commenters and viewers.
C. Create a new DLP rule by using the existing content detector conditions, but change the action for the new rule to Disable download, print, and copy for commenters and viewers.
D. Create a new DLP rule and set the scope to the organizational unit or group that you want to restrict.
C. Create a new DLP rule by using the existing content detector conditions, but change the action for the new rule to Disable download, print, and copy for commenters and viewers.
Recently, your organization has had an increase in messages marked as spam. You need to quickly and efficiently obtain detailed information regarding each message. What should you do?
A. Create an investigation by using a SQL query to search for all spam audit logs exported to BigQuery.
B. Send an alert to all users to mark all suspicious Gmail messages as spam and review the Alert center messages.
C. Use Google Vault to put all messages marked as spam in a legal hold and review the messages.
D. Use the spam filter report in the security dashboard to see messages Google’s spam filter marked as spam during a specific time period.
D. Use the spam filter report in the security dashboard to see messages Google’s spam filter marked as spam during a specific time period.
You are configuring a customer relationship management (CRM) solution to integrate with Google Workspace services for the sales department at your organization. The CRM solution is in the Google Workspace Marketplace and you deploy the specific CRM solution. Employees report that there are no contacts and documents visible in the CRM solution. You must identify and fix the problem. What should you do?
A. Check the OAuth scopes, and ensure that Drive and Gmail scopes are granted for the CRM solution.
B. Check if Manage access to apps is set to Allow users to install and run any app from the Marketplace.
C. Revoke all OAuth scopes, and reinstall the CRM solution for just the sales department.
D. Check if the App distribution settings are set to ON for everyone in your organization.
A. Check the OAuth scopes, and ensure that Drive and Gmail scopes are granted for the CRM solution.
Your global marketing team has over 500 employees. They recently started working with Google Analytics and want to move to managed accounts. You decide to use Google Cloud Directory Sync (GCDS) to sync users from your current identity provider. Your organization currently has no Google Workspace licenses linked to the Admin console. You run GCDS for the first time and receive the following error, “Domain user limit reached.” You need to identify and fix the problem. What should you do?
A. Ensure that there is a subscription available and enough licenses to sync the new users.
B. Check if GCDS has the correct permissions to run a sync on your domain.
C. Wait 48 hours until the domain is fully provisioned.
D. Update the delete limits of GCDS, and try again.
A. Ensure that there is a subscription available and enough licenses to sync the new users.
Your organization was recently targeted by a phishing attempt that affected several users. You must efficiently determine the full extent of the phishing attempt and prevent further issues from occurring. What should you do?
A. 1. Search BigQuery logs for all messages marked as phishing.
2. Require Transport Layer Security (TLS) for all email communications.
3. Instruct all users to reset their passwords.
B. 1. Use email log search to pull all emails for the past three days.
2. Analyze logs of common emails received and contact users.
3. Instruct users on how to create a Gmail filter to block malicious email addresses.
C. 1. Use the security dashboard to view the number of messages showing evidence of potential spoofing, and then use the investigation tool on affected users to remove malicious email.
2. Enable advanced phishing and malware protection.
3. Deploy Google’s Password Alert extension for Chrome.
D. 1. Collect phishing samples forwarded from users.
2. Add IP addresses and email addresses to your denylist.
3. Enroll only affected users to multi-factor authentication (MFA).
C. 1. Use the security dashboard to view the number of messages showing evidence of potential spoofing, and then use the investigation tool on affected users to remove malicious email.
2. Enable advanced phishing and malware protection.
3. Deploy Google’s Password Alert extension for Chrome.
The Google Analytics service is set to OFF for your entire organization. All users in the marketing team OU and a subset of users in the sales OU need access to Analytics. The rest of the organization should not have access. You must configure access in Additional Google services. What should you do?
A. Enable Google Analytics at the top of the OU structure.
B. Enable Google Analytics for the marketing and sales OUs. Create a group to deny access to Google Analytics and assign it to the sales users who should not have access.
C. Enable Google Analytics for the marketing OU. Create a sub-OU for the sales users under the marketing OU.
D. Enable Google Analytics for the marketing OU. Create a group from the Admin console that includes the sales users, and set Google Analytics to On for that group.
D. Enable Google Analytics for the marketing OU. Create a group from the Admin console that includes the sales users, and set Google Analytics to On for that group.
Your organization is engaging with an external marketing vendor on a new promotion. The vendor’s employees need access to internal documents. Some employees do not have Google consumer or Workspace accounts. You need to securely enable sharing with these external collaborators. What should you do?
A. Enable external sharing for the specific child organizational units or configuration groups.
B. Enable visitor sharing for the Google Workspace domain.
C. Create a trust rule for a shared drive to allow sharing with the external vendor.
D. Add the external domain of the vendor to the allowlist.
B. Enable visitor sharing for the Google Workspace domain.
Your team uses Google Drive for collaborating with external companies and partners. A sensitive project with an external organization is about to begin. You are creating the new labels for the project. You must ensure that all labeled documents have the label visible to everyone who has access to the project files. What should you do?
A. Create Drive labels and a separate Shared Drive for the project.
B. Create Drive labels and add the users from the external organization to your domain.
C. Create Drive labels and add the permissions for all users in the project, including the external users, to view these labels.
D. Create Drive labels and apply data protection rules to all project file.
C. Create Drive labels and add the permissions for all users in the project, including the external users, to view these labels.
You work for an international organization and your CEO frequently travels to other countries. You need to enable email access and configure the account for multiple administrative assistants. What should you do?
A. Provide the executive administrative assistants with the account password of the CEO.
B. Enable users to specify what sender information is included in delegated messages sent from their account.
C. Create a group of administrative assistants. Enable delegated access to the mailbox of the CEO for that group.
D. Log into the Gmail account of the CEO. Set up and share two separate email aliases.
C. Create a group of administrative assistants. Enable delegated access to the mailbox of the CEO for that group.
You work at a financial institution with strict security requirements. You have been asked by the head of IT security to enforce the policy that allows access to Google Workspace services only from devices that are within the company’s network. What should you do?
A. Ask everyone to use Chromebooks in your organization and deploy network certificates.
B. Enable context-aware access (CAA) for all employees, and add the location as a context condition.
C. Enable context-aware access (CAA) for all employees, and add the IP subnet as a context condition.
D. Enable client-side encryption (CSE) for all employees.
C. Enable context-aware access (CAA) for all employees, and add the IP subnet as a context condition.
You work for a small organization and are planning to deploy an upcoming Google Workspace feature. You want users to have access to the feature as soon as possible. What should you do?
A. Confirm that your organization is set to the rapid release option to ensure that your users receive new features when Google releases them.
B. Do nothing. No extra configuration is needed as all Workspace customers receive new features at the same time.
C. Confirm that your organization is set to the scheduled release option to ensure that your users receive new features when Google releases them.
D. Enable the new feature in a Workspace Sandbox organization, and roll out to users only after testing.
A. Confirm that your organization is set to the rapid release option to ensure that your users receive new features when Google releases them.
