Google-Workspace-Administrator Google Cloud Certified - Professional Google Workspace Administrator Questions and Answers

Develop a cadence of regular roadmap and business reviews with your partner.

Regularly scan the admin console and keep track of any new features you identify.

Create a Feature Release alert in the Alert Center to be alerted to new functionality.

Put half of your organization on the Rapid Release Schedule to highlight differences.

Review who has viewed files using the Google Drive Activity Dashboard.

Create an alert from Drive Audit reports to notify of external file sharing.

Review total external sharing in the Aggregate Reports section.

Create a custom Dashboard for external sharing in the Security Investigation Tool.

Automatically block external sharing using DLP rules.

For the Finance OU, enable the third-party app in SAML apps.

For the Finance OU, enable the third-party app in Marketplace Apps.

At the root level, disable the third-party app. For the Finance OU, allow users to install any application from the Google Workspace Marketplace.

At the root level, disable the third-party app. For the Finance OU, allow users to install only whitelisted apps from the Google Workspace Marketplace.

Create a Google Group that has the two auditors as members, and then create a Drive DLP Rule that is assigned to that Group.

Create a Content Compliance rule that looks for outbound share notifications from those two users, and Bcc the Director on those emails.

Create two Drive Audit Alerts, one for each user, where the Visibility is “Shared Externally,” and email them to the Director.

Check the Admin Console Dashboard Insights page periodically for external shares, and notify the Director of any changes.

Implement a third-party solution that will detect presence in the room and release it if nobody appears after a few minutes.

Create a Google App Script that will inspect each room calendar for the next 12 hours, check attendees status, and send the room administrator an alert email for releasing the room if all attendees have declined but the room has not.

Set the option "Allow calendar-based room release" for all targeted rooms.

Upgrade to Google Workspace Enterprise Plus edition to benefit from additional features for automated machine learning (ML) based resources management.

Run the Transfer Tool for Unmanaged users.

Use a Google Form to survey the Marketing department users.

Assure the VP that there is no action required to configure Google Workspace.

Contact Google Enterprise Support to identify affected users.

Create a blocked senders list as the Sales OU that contains the mass email sender addresses, but bypass this setting for Constant Contact emails.

Create a blocked senders list at the root level, and then an approved senders list at the Market Research OU, both containing the mass email sender addresses.

Create a blocked senders list at the Sales OU that contains the mass email sender addresses.

Create an approved senders list at the Market Research OU that contains the mass email sender addresses.

Enable email safety features with the receiving domain.

Set up secure transport compliance with the receiving domain.

Configure an alternate secure route with the receiving domain.

Set up DKIM authentication with the receiving domain.

Disable access to all “Other Services” in the Google Workspace Admin Console.

Use the Transfer Tool for unmanaged accounts to invite users into the domain.

Use the Data Migration Service to transfer the data to a managed account.

Open a support ticket to have Google transfer unmanaged accounts into your domain.

Create a new Google Workspace domain isolated from the existing one, and create users in the new domain instead.

Under Directory Settings > Contact sharing, disable the contact sharing option and wait for 24 hours to allow the settings to propagate before creating the new employee accounts.

Redesign your OU organization to have 2 child OUs for each company directly under the root. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the OU.

Create one dynamic group for each company based on a custom attribute defining the company. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the dynamic group.

In the user deletion process, select “Transfer” in the data in other apps section and add the manager's email address.

Use Google Vault to set a retention period on the OU where the users reside.

Before deleting the user, add the user to the marketing shared drive as a contributor and move the documents into the new location.

Ask the user to create a folder under MyDrive, move the documents to be shared, and then share that folder with the marketing team manager.

Update the validation certificate.

Verify that the Audience element in the SAML Response matches the assertion consumer service (ACS) URL

Run nslookup to confirm that the service exists.

Ensure that Microsoft's Active Directory Federation Services 2.0 sends encrypted SAML Responses in default configurations.

Deploy 2-Step Verification for all users who have security keys.

Deploy Google Cloud Armor on a dedicated project, and create a rule to allow access to Google Workspace only from specific locations.

Upgrade to Google Workspace Enterprise Plus for all accounts, and define Context-Aware Access levels to only a list of countries where the company has employees.

Subscribe to Cloud Identity Premium for all accounts, and define Context-Aware Access levels to only a list of countries where the company has employees.

For all executives, create new accounts with random characters to match Google best practices, migrate

data from the former accounts, and then delete them.

Give the users super admin rights to view the admin quarantine.

Give the users Services > Gmail > Access Admin Quarantine admin privileges.

Configure the admin quarantine to allow end users to release messages.

Give the users Services > Security Center admin privileges.

Have the HR lead create a folder in their MyDrive for the non-confidential files, give edit access to the HR team, and give view access to the organization.

Create a shared drive for the non-confidential files, give the HR team manager access, and give contributor access to the entire organization.

Create a shared drive for non-confidential files, give the HR team content manager access, and give view access to the organization.

Create a shared drive for all files, give the HR team content manager access, and give view access to the organization.

Add other users as “Editors” on the Drive object, thus spreading the storage quota debt between all of them.

Manually export and back up the data locally, and delete the affected files from Drive to alleviate the debt.

Make another user the “Owner” of the Drive objects, thus transferring the storage quota debt to them.

Perform an API query for large storage drive objects, and delete them, thus alleviating the quota debt.

Move the affected items to a Shared Drive. Shared Drives transfer ownership of the drive item to the domain itself, which alleviates the quota debt from that user.

The email address of the sender and the subject and date/time of the missing message.

The type of device the individual is using, including the OS version, browser, and browser version.

The sender's domain so you can review their SPF and DKIM configuration.

The sender's IP address, mail client, and mail platform.

Disable 2-Step Verification per organizational unit so the affected users can sign in.

Move the affected users into the exception group temporarily so they can set up 2-Step Verification, and then remove them from the exception group after successful sign-in is confirmed.

Disable 2-Step Verification organization-wide so all users can successfully sign in.

Move the affected users into the exception group permanently so they do not have to use 2-Step Verification going forward.

Create a mail contact in the Google Workspace directory that has an email address of your- company@cloudprovider.com

Create a rule to forward mail in the customercare@your-company.com mailbox to your- company@cloudprovider.com

Create a recipient map in the Google Workspace Admin console that maps customercare@your-company.com to your-company@cloudprovider.com

Create a content compliance rule in the Google Workspace Admin console to change route to your- company@cloudprovider.com

The Apps Script will need to run as a Google Workspace admin.

You will need a Cloud SQL instance to store “G-Team’ data.

The Google Form will need to be limited to internal users only.

The Apps Script will need to run on a timed interval to process new entries.

The Google Form will need to enforce Group naming conventions.

Create a Google Groups Collaborative Inbox.

Use App Script to design a ticketing system that marks conversation ownership.

Contract with a third-party solution, such as ServiceNow.

Create Google Tasks and assign them to receptionists to address unanswered questions.

Run queries in Security Investigation Tool.

Turn on advanced phishing and malware protection.

Enable Security Sandbox.

Enable Gmail confidential mode.

Allow external sharing of Drive content for the IT group only.

Create a Drive DLP policy that will allow sharing to only domains on an allowlist.

Use shared drives to store the content, and share only individual files externally.

Let users share files between the two companies by using the ‘Trusted Domains’ feature. Create an allowlist of the trusted domains, and choose sharing settings for the users.

Turn on Advanced Mobile Management for the domain.

Turn on Advanced Mobile Management for Sales OU

Set up Device Approvals.

Set up an Apple Push Certificate.

Deploy Apple Certificate to every device.

Add the acquired domain as an alias to the primary Google Workspace domain.

Add the acquired domain as a secondary domain to the primary Google Workspace domain, and then update the email information of all new users with alias emails.

Update the Google-provided test domain to be the domain of the acquired company, and then update the email information of all new users with alias emails.

Without adding a domain, update each user's email information with the previous domain.

Create a new OU and tum on the rapid release track just for this OU.

Create a new Google Group with test users and enable the rapid release track.

Establish a separate Dev environment, and set it to rapid release.

Ask Google for a demo account with beta access to the new features.

Open Admin Console > Security > API Controls > App Access Control > Manage Third Party App Access.

Open Admin Console > Security > API Controls > App Access Control > Manage Google Services.

Open Admin Console > Security > Less Secure Apps.

Open Admin Console > Security > API Controls > App Access Control > Settings.

In the Users list, find the VIPs and turn off the User setting “Directory Sharing.”

Create a Group for the VIPs and their handlers, and set the Group Access Level to Restricted.

In Directory Settings, disable Contact Sharing.

Create separate Custom Directories for the VIPs and regular employees.

Configure a data region at the top level OU of your organization, and set the value to “Europe”.

Add three additional OU structures to designate location within the current OU structure. Assign the corresponding data region to each.

Configure a configuration group for European users, and set the data region to “Europe”.

Configure three configuration groups within your domain. Assign the appropriate data regions to each corresponding group, but assign no preference to the users outside of the United States and Europe.

Service provider logout URL

Service provider ACS URL

Identity Provider URL

Service provider certificate

Use routing rules to dual-deliver mail to an on-premises SMTP server and Google Workspace.

Write a script and use Google Workspace APIs to access and download user data.

Use a third-party tool to configure secure backup of Google Workspace data.

Train users to use Google Takeout and store their archives locally.

Establish a new Google Workspace tenant with their own admin for each region.

Create an OU for each country. Create an admin role and assign an admin with that role per OU.

Create Admin Alerts, and use the Security Center to audit whether admins manage countries other than their own.

Create a Team Drive per OU, and allow only country-specific administration of each folder.

Collect full message headers for examination.

Check whether the issue occurs when the user authenticates on a different device or a new incognito window.

Check whether a ping test to service.gmail.com (pop.gmail.com or imap.gmail.com) is successful.

Check whether traceroute to service.gmail.com (pop.gmail.com or imap.gmail.com) is successful.

Create accounts for external users and assign Vault privileges.

Share Vault access with external users.

Assign an Archived User license to the external users.

Temporarily assign the super admin role to the users

Company Profile > Profile > New User Features > Enable “Scheduled Release”

Apps > Google Workspace > Gmail > Uncheck “Enable Gmail Labs for my users”

Company Profile > Profile > New User Features > Enable “Rapid Release”

Device Management > Chrome > Device Settings > Stop auto-updates

Randomly scatter auto-updates.

Update over cellular.

Disable Auto update.

Throttle the bandwidth.

Add the legal team to the User Management Admin system role.

Add the legal team to the Google Vault Google Group.

Create a custom role with Google Vault access, and add the legal team.

Create a matter in Google Vault, and share with the legal team.

Use the conflict account remove tool to remove the accounts from Google Workspace.

Rename the accounts to temp@your-company.com, and recreate the accounts.

Ask users to request a new Google Workspace account from your local admin.

Use the Transfer tool for unmanaged users to find the conflict accounts.

Train users to click on Not Spam button for emails.

Add all users of your domain to an approved sender list.

Force TLS for your domain.

Ensure that your inbound gateway is configured with all of your Exchange server IP addresses.

Create a company-owned device inventory using an asset tag.

Devices > Endpoints > Add a filter-> Management Type > Drive for desktop > Apply

Apps > Google Workspace > Drive and Docs > Features and Applications > Google Drive for Desktop > Only Allow Google Drive for desktop on authorized devices

Install the Google Endpoint Verification extension on machines using Drive for Desktop.

Create a company-owned device inventory using serial numbers of devices.

Modify your Marketplace Settings to block users from installing any app from the Marketplace.

Set all API services to “restricted access” and ensure that all connected apps have limited access.

Remove all client IDs and scopes from the list of domain-wide delegation API clients.

Block each connected app's access.

Use the bulk upload with CSV feature in the Google Workspace Admin panel to update all Groups.

Update your configuration file and resync mailing lists with Google Cloud Directory Sync.

Create and assign a custom admin role for all group owners so they can update settings.

Use the Groups Settings API to update Google Groups with desired settings.