Google-Workspace-Administrator Google Cloud Certified - Professional Google Workspace Administrator Questions and Answers

Configure a safety rule to protect against encrypted attachments from untrusted senders

Configure a safety rule to protect against attachments with scripts from untrusted senders.

In the security sandbox section, enable virtual execution of attachments for (he targeted OU

In the security sandbox section, enable virtual execution of attachments for the entire organization.

Create a new OU and tum on the rapid release track just for this OU.

Create a new Google Group with test users and enable the rapid release track.

Establish a separate Dev environment, and set it to rapid release.

Ask Google for a demo account with beta access to the new features.

In the Admin Console, select the devices in Meeting Room Hardware, select Call, and Enter the meeting code.

Room participants will need to start the meeting from the remote in the room.

By adding the rooms to the Calendar invite, they will all auto-join at the scheduled time.

Select Add Live Stream to the Calendar invite; all rooms added to the event will auto-join at the scheduled time.

Create a report using the OAuth Token Audit Activity logs.

Create a report using the Calendar Audit Activity logs.

Create a report using the Drive Audit Activity logs.

Create a reporting using the API Permissions logs for Installed Apps.

Modify the SPF record for your internal domain to include the IPs of the external user's mail servers.

Update the spam settings in the Admin Console to be less aggressive.

Add the sender's domain to an allowlist via approved senders in the Admin Console.

Instruct the user to add the senders to their contacts.

Turn on Advanced Mobile Management for the domain.

Turn on Advanced Mobile Management for Sales OU

Set up Device Approvals.

Set up an Apple Push Certificate.

Deploy Apple Certificate to every device.

As a super administrator, modify the room calendar sharing settings, and limit it to the management and EAs group.

Delete the room from Google Workspace resources, and suggest using a spreadsheet shared with the management and EAs only for the room schedule.

As a super administrator, create a group calendar named “Management Room,” and share it only with the management and the EAs.

Move the room resource to the management and EAs group so that only they can use it.

Configure a data region at the top level OU of your organization, and set the value to “Europe”.

Add three additional OU structures to designate location within the current OU structure. Assign the corresponding data region to each.

Configure a configuration group for European users, and set the data region to “Europe”.

Configure three configuration groups within your domain. Assign the appropriate data regions to each corresponding group, but assign no preference to the users outside of the United States and Europe.

Install Google Cloud Directory Sync on all Domain Controllers.

Install Google Workspace Sync for Microsoft Outlook on all employees’ computers.

Install Google Cloud Directory Sync on a supported server.

Install Google Apps Manager to automate add-user scripts.

Deploy 2-Step Verification for all users who have security keys.

Deploy Google Cloud Armor on a dedicated project, and create a rule to allow access to Google Workspace only from specific locations.

Upgrade to Google Workspace Enterprise Plus for all accounts, and define Context-Aware Access levels to only a list of countries where the company has employees.

Subscribe to Cloud Identity Premium for all accounts, and define Context-Aware Access levels to only a list of countries where the company has employees.

For all executives, create new accounts with random characters to match Google best practices, migrate

data from the former accounts, and then delete them.

Implement an IP block on the malicious user's IPs under Security Settings in the Admin Console.

Use Context-Aware Access to deny access to Google services from geo locations other than the ones your organization operates in.

Enforce higher complexity passwords by rolling it out to the affected users.

Use Mobile device management geo-fencing to prevent malicious actors from using these stolen credentials.

Open Admin Console > Security > Dashboard > User Reports.

Open Admin Console > Security > Dashboard > Spam Filter- Phishing.

Use Reports API to query user Gmail activity.

Open Admin Console > Reporting > Email Log Search.

Create groups, add users accordingly, and educate users on how to share to specific groups of people.

Disable sharing to the entire organization so that users must consciously add every person who needs access.

Determine sharing boundaries for users that work with sensitive information, and then implement target audiences.

Temporarily disable the Google Drive service for individuals who continually overshare.

Add the product's IP addresses as an approved sender.

Allowlist the IP addresses of the third-party filtering product.

Add the product's IP addresses to your organization's SPF record.

List the IP addresses of the product as an Inbound Gateway.

Set up a Token audit log event alert.

Set up an Admin audit log event alert.

Set up an email settings changed alert.

Set up a suspicious login event alert.

Provide your current GCDS instance with admin credentials to the recently acquired organization's LDAP directory.

Add an LDAP sync rule to your current GCDS instance in order to synchronize new users.

Set up exclusion rules to ensure that users synced from the acquired organization's LDAP are not, suspended.

Set up an additional instance of GCDS running on another server, and handle the acquired organization's synchronization.

Upgrade to the multiple LDAP version of GCDS.

Add your partner domains IPs to the Inbound Gateway setting.

Change the spoofing protection to deliver the emails to spam instead of quarantining them.

Add your partner sending IP addresses to an allowlist.

Change the spoofing protection to deliver the emails to inboxes with a custom warning instead of quarantining them.

Organize users for each location in separate organizational units (OUs). Add room resources to the corresponding OUs so that meeting rooms would be suggested accordingly.

Organize users for each location in separate Google Groups. Add room resources to the corresponding groups so that meeting rooms would be suggested accordingly.

Share each room only with the Dynamic Group defined per each user location so that they can only book the rooms nearby.

Define users' work locations by setting building ID. floor name, and floor section if applicable as the-buildings and rooms are defined.

Train users to use Google Workspace’s merge contacts feature.

Enable directory contact deduplication in the Google Workspace Admin panel.

Update shared contact search rules to exclude internal users.

Create a new global directory, and delete the original.

Use the Directory API to upload a .csv file containing the contacts.

Configure GCDS to populate a Group with external members.

Use the People API to upload a .csv file containing the contacts.

Develop a custom application to call the Domain Shared Contacts API.

Configure GCDS to synchronize shared contacts.

Open Security Investigation Tool-> Drive Log Events. Add two conditions: Visibility Is External, and Actor Is user1@example.com.

Have the super administrator use the Security API to audit Drive access.

As a super administrator, change the access on externally shared Drive files manually under user1@example.com.

Open Security Dashboard-> File Exposure Report-> Export to Sheet, and filter for user1@example.com.

Reset the user's sign-in cookies

Confirm that this user has their employee ID populated as a sign-in challenge.

Check the session length duration for the organizational unit the user is provisioned in.

Verify that 2-Step Verification is enforced for this user.

Add the acquired domain as an alias to the primary Google Workspace domain.

Add the acquired domain as a secondary domain to the primary Google Workspace domain, and then update the email information of all new users with alias emails.

Update the Google-provided test domain to be the domain of the acquired company, and then update the email information of all new users with alias emails.

Without adding a domain, update each user's email information with the previous domain.

Move the Senior VP to a sub-OU before enabling Marketplace Settings > “Allow Users to Install Any App from Google Workspace Marketplace.”

Confirm that the Senior VP’s OU has the following Gmail setting disabled before whitelisting the app: “Let users delegate access to their mailbox.”

Add the Marketplace app, then review the authorized scopes in Security > Manage API client access.

Search the Google Workspace support forum for feedback about the app to include in the risk analysis report.

Create a configuration group with the approved users as members, and use it to create a target audience.

Enable external sharing for the marketing and sales organizational units.

Enable external sharing only to allowlisted domains provided by marketing and sales teams.

Create a configuration group with the approved users as members, and enable external sharing for this group.

Use the security center to remove the messages from users' mailboxes

Use Google Vault to remove these messages from users mailboxes.

Enable a safety rule to send these types of messages to spam.

Enable a safety rule to send these types of messages to a quarantine.

Change Enrollment Permissions to only allow users in this organization to re-enroll existing devices.

Change Enrollment Controls to Place Chrome device in user organization.

Change Enrollment Controls to Keep Chrome device in current location.

Change Enrolment Permissions to not allow users in this organization to enroll new devices.

Name the rule > select Outbound and Internal Sending > select If ANY of the following match > add two expressions: one for Simple Content Match to find AccNo, and one for predefined content match to select Credit Card Numbers > choose Reject.

Name the rule > select Outbound > select If ANY of the following match > add two expressions: one for Simple Content Match to find AccNo, and one for predefined content match to select Credit Card Numbers

> choose Reject

Name the rule > select Outbound and Internal Sending > select If ALL of the following match > add two expressions: one for Advanced Content Match to find AccNo in the Body, and one for predefined content match to select Credit Card Numbers > choose Reject.

Name the rule > select Outbound > select If ALL of the following match > add two expressions: one for Advanced Content Match to find AccNo in the Body, and one for predefined content match to select Credit Card Numbers > choose Reject.

Enable additional security verification via email.

Enable authentication via the Google Authenticator.

Deploy browser or device certificates via Google Workspace.

Configure USB Yubikeys for all users.

Whitelist Trusted Apps

Disable the Drive SDK

Restrict API scopes

Disable add-ons for Gmail

Whitelist Google Workspace Marketplace apps

Create a new Google Workspace domain isolated from the existing one, and create users in the new domain instead.

Under Directory Settings > Contact sharing, disable the contact sharing option and wait for 24 hours to allow the settings to propagate before creating the new employee accounts.

Redesign your OU organization to have 2 child OUs for each company directly under the root. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the OU.

Create one dynamic group for each company based on a custom attribute defining the company. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the dynamic group.

Create a custom Apps Script to reset passwords.

Use a third-party tool for password recovery.

Enable non-admin password recovery.

Create a Google form to submit reset requests.

Turn on external sharing with whitelisted domains, and add the external organization to the whitelist.

Provision accounts within your domain for the external users, and turn off external sharing for that Org.

Configure the Drive DLP rules to prevent the sharing of PII and PHI outside of your domain.

Create a Team Drive for this engagement, and limit the memberships and sharing settings.

Set up Azure AD and federate on-premises AD with it. Provision user accounts from Azure AD with the Google-recommended process.

Modify the GCDS configuration to use the HRIS application as the data source and complete any necessary adjustments

Export HRIS data to a CSV file every day. and build a solution to define the delta with the previous day;

import the result as a CSV file via the Admin console.

Build an application that will fetch updated data from the HRIS system via Open API. and then update

Google Workspace with the Directory API accordingly.

Train users to click on Not Spam button for emails.

Add all users of your domain to an approved sender list.

Force TLS for your domain.

Ensure that your inbound gateway is configured with all of your Exchange server IP addresses.

Apps > add SAML apps to your domain.

Reconfigure user provisioning via Google Cloud Directory Sync.

Replace the third-party IDP verification certificate.

Disable SSO with third party IDP.

Enable API Permissions for Google Cloud Platform.

In the GCDS configuration manager, update the group deletion policy setting to “don't delete Google groups not found in LDAP.”

Use the Directory API to check and update the group’s membership after the GCDS sync is completed.

Confirm that the base DN for the group email address attribute matches the base DN for the user email address attribute.

In the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to “delete only active Google domain users not found in LDAP.”

Run the Transfer Tool for Unmanaged users.

Use a Google Form to survey the Marketing department users.

Assure the VP that there is no action required to configure Google Workspace.

Contact Google Enterprise Support to identify affected users.

Use the Directory API to create a custom batch script that modifies the users license on a daily basis

Create a license assignment rule in the Google Admin console to set user licensing based on directory attributes.

Use Google Cloud Directory Sync to modify user licensing with each sync, according to information available in the organization's LDAP

Update user licensing in the user portion of the Admin console on an as-needed basis.

Confirm that the user has a Google Workspace Enterprise Plus license.

Delete and recreate a new Context-Aware Access device policy.

Check whether device policy application is installed on users’ devices.

Confirm that the user has at least a Google Workspace Business license.

Check whether Endpoint Verification is installed on users’ desktops.

Have the HR lead create a folder in their MyDrive for the non-confidential files, give edit access to the HR team, and give view access to the organization.

Create a shared drive for the non-confidential files, give the HR team manager access, and give contributor access to the entire organization.

Create a shared drive for non-confidential files, give the HR team content manager access, and give view access to the organization.

Create a shared drive for all files, give the HR team content manager access, and give view access to the organization.

Use the conflict account remove tool to remove the accounts from Google Workspace.

Rename the accounts to temp@your-company.com, and recreate the accounts.

Ask users to request a new Google Workspace account from your local admin.

Use the Transfer tool for unmanaged users to find the conflict accounts.