Professional Collaboration Engineer is the G Suite’s Evaluate individual competencies in deploying, configuring, supporting, managing and monitoring administrative tasks, and Demonstrated ability to implement solutions across the platform to improve operational efficiency It is a certification to
Google Cloud Certified – Professional Cloud Developer (38 Q)
QUESTION 1
Your company has an OU (Organizational Unit) that contains your sales team and an OU that contains your market research team.
The sales team is often a target of mass email from legitimate senders, which is distracting to their job duties. The market research team also receives that email content, but they want it because it often contains interesting market analysis or competitive intelligence. Constant Contact is often used as the source of these messages. Your company also uses Constant Contact for your own mass email marketing.
You need to set email controls at the Sales OU without affecting your own outgoing email or the market research OU.
What should you do?
- A. Create a blocked senders list as the Sales OU that contains the mass email sender addresses, but bypass this setting for Constant Contact emails.
- B. Create a blocked senders list at the root level, and then an approved senders list at the Market Research OU, both containing the mass email sender addresses.
- C. Create a blocked senders list at the Sales OU that contains the mass email sender addresses.
- D. Create an approved senders list at the Market Research OU that contains the mass email sender addresses.
Correct Answer: A
QUESTION 2
Your company has received help desk calls from users about a new interface in Gmail that they had not seen before.
They determined that it was a new feature that Google released recently. In the future, you’ll need time to review the new features so you can properly train employees before they see changes.
What action should you take?
- A. Company Profile > Profile > New User Features > Enable “Scheduled Release”.
- B. Apps > G Suite > Gmail > Labs >Uncheck “Enable Gmail Labs for my users”.
- C. Company Profile > Profile > New User Features > Enable “Rapid Release”.
- D. Device Management > Chrome Device> Device Settings > Stop auto-updates.
Correct Answer: A
Reference:
– Choose when users get new features
QUESTION 3
Your company frequently hires from five to ten interns for short contract engagements and makes use of the same generically named G Suite accounts (e.g.,user1@your-company.com, user2@your-company.com, user3@your-company.com).
The manager of this program wants all email to these accounts routed to themanager’s mailbox account also.
What should you do?
- A. Setup address forwarding in each account’s Gmail setting menu.
- B. Set up recipient address mapping in Gmail Advanced Settings.
- C. Configure an Inbound Gateway route.
- D. Give the manager delegated access to the mailboxes.
Correct Answer: C
Reference:
– Email routing and delivery
QUESTION 4
Your-company.com recently bought 2,500 Chrome devices and wants to distribute them to various teams globally.
You decided that enterprise enrollment would be the best way to enforce company policies for managed Chrome devices.
You discovered that Chrome devices currently end up in the top-level organization unit, and this needs to change to the organizational unit of the device administrator.
What should you do?
- A. Change Enrollment Permissions to only allow users in this organization to re-enroll existing devices.
- B. Change Enrollment Controls to Place Chrome device in user organization.
- C. Change Enrollment Controls to Keep Chrome device in current location.
- D. Change Enrolment Permissions to not allow users in this organization to enroll new devices.
Correct Answer: A
QUESTION 5
Your company recently migrated to G Suite and wants to deploy a commonly used third-party app to all of finance. Your OU structure in G Suite is broken down by department.
You need to ensure that the correct users get this app.
What should you do?
- A. For the Finance OU, enable the third-party app in SAML apps.
- B. For the Finance OU, enable the third-party app in G Suite Marketplace Apps.
- C. At the root level, disable the third-party app. For the Finance OU, allow users to install any application from the G Suite Marketplace.
- D. At the root level, disable the third-party app. For the Finance OU, allow users to install only whitelisted apps from the G Suite Marketplace.
Correct Answer: B
Reference:
– Whitelist G Suite Marketplace apps
QUESTION 6
The CEO of your company has indicated that messages from trusted contacts are being delivered to spam, and it is significantly affecting their work.
The messages from these contacts have not always been classified as spam. Additionally, you recently configured SPF, DKIM, and DMARC for your domain.
You have been tasked with troubleshooting the issue.
What two actions should you take? (Choose two.)
- A. Obtain the message header and analyze using G Suite Toolbox.
- B. Review the contents of the messages in Google Vault.
- C. Set up a Gmail routing rule to whitelist the sender.
- D. Conduct an Email log search to trace the message route.
- E. Validate that your domain is not on the Spamhaus blacklist.
Correct Answer: A, C
QUESTION 7
Security and Compliance has identified that data is being leaked through a third-party application connected to G Suiteю You want to investigate using an audit log.
What log should you use?
- A. Admin audit log
- B. SAML audit log
- C. Drive usage audit log
- D. OAuth Token audit log
Correct Answer: D
Reference:
– OAuth Token audit log
QUESTION 8
A company has thousands of Chrome devices and bandwidth restrictions.
They want to distribute the Chrome device updates over a period of days to avoid traffic spikes that would impact the low bandwidth network.
Where should you enable this in the Chrome management settings?
- A. Randomly scatter auto-updates.
- B. Update over cellular.
- C. Disable Auto update.
- D. Throttle the bandwidth
Correct Answer: A
Reference:
– Manage updates on Chrome devices
QUESTION 9
Your company moved to G Suite last month and wants to install Hangouts Meet Hardware in all of their conference rooms. This will allow employees to walk into a room and use the in-room hardware to easily join their scheduled meeting. A distributed training session is coming up, and the facilitator wants to make remote room joining even easier.
Participants in remote rooms should walk into their room and begin receiving the training without having to take any actions to join the session.
How should you accomplish this?
- A. In the Admin Console, select the devices in Meeting Room Hardware, select Call, and Enter the meeting code.
- B. Room participants will need to start the meeting from the remote in the room.
- C. By adding the rooms to the Calendar invite, they will all auto-join at the scheduled time.
- D. Select Add Live Stream to the Calendar invite; all rooms added to the event will auto-join at the scheduled time.
Correct Answer: D
QUESTION 10
You are supporting an investigation that is being conducted by your litigation team.
The current default retention policy for mail is 180 days, and there are no custom mail retention policies in place.
The litigation team has identified a user who is central to the investigation, and they want to investigate the mail data related to this user without the user’s awareness.
What two actions should you take? (Choose two.)
- A. Move the user to their own Organization Unit, and set a custom retention policy
- B. Create a matter using Google Vault, and share the matter with the litigation team members.
- C. Create a hold on the user’s mailbox in Google Vault.
- D. Reset the user’s password, and share the new password with the litigation team.
- E. Copy the user’s data to a secondary account.
Correct Answer: D, E
QUESTION 11
Your Accounts Payable department is auditing software license contracts companywide and has asked you to provide a report that shows the number of active and suspended users by organization unit, which has been set up to match the Regions and Departments within your company.
You need to produce a Google Sheet that shows a count of all active user accounts and suspended user accounts by Org unit.
What should you do?
- A. From the Admin Console Billing Menu, turn off auto-assign, and then click into Assigned Users and export the data to Sheets.
- B. From the Admin Console Users Menu, download a list of all Users to Google Sheets, and join that with a list of ORGIDs pulled from the Reports API.
- C. From the G Suite Reports Menu, run and download the Accounts Aggregate report, and export the data to Google Sheets.
- D. From the Admin Console Users Menu, download a list of all user info columns and currently selected columns.
Correct Answer: D
Reference:
– Download a list of users
QUESTION 12
You have configured your G Suite account on the scheduled release track to provide additional time to prepare for new product releases and determine how they will impact your users.
There are some new features on the latest roadmap that your director needs you to test as soon as they become generally available without changing the release track for the entire organization.
What should you do?
- A. Create a new OU and tum on the rapid release track just for this OU.
- B. Create a new Google Group with test users and enable the rapid release track.
- C. Establish a separate Dev environment, and set it to rapid release.
- D. Ask Google for a demo account with beta access to the new features.
Correct Answer: A
Reference:
– Choose when users get new features
QUESTION 13
You are using Google Cloud Directory Sync to manage users. You performed an initial sync of nearly 1,000 mailing lists to Google Groups with Google Cloud Directory Sync and now are planning to manage groups directly from Google.
Over half the groups have been configured with incorrect settings, including who can post, who can join, and which groups can have external members.
You need to update groups to be configured correctly.
What should you do?
- A. Use the bulk upload with CSV feature in the G Suite Admin panel to update all Groups.
- B. Update your configuration file and resync mailing lists with Google Cloud Directory Sync.
- C. Create and assign a custom admin role for all group owners so they can update settings.
- D. Use the Groups Settings API to update Google Groups with desired settings.
Correct Answer: A
QUESTION 14
In your organization, users have been provisioned with either G Suite Enterprise, G Suite Business, or no license, depending on their job duties, and the cost of user licenses is paid out of each division’s budget.
In order to effectively manage the license disposition, team leaders require the ability to look up the type of license that is currently assigned, along with the last logon date, for their direct reports.
You have been tasked with recommending a solution to the Director of IT, and have gathered the following requirements:
- Team leaders must be able to retrieve this data on their own (i.e., self-service).
- Team leaders are not permitted to have any level of administrative access to the G Suite Admin panel.
- Team leaders must only be able to look up data for their direct reports.
- The data must always be current to within 1 week.
- Costs must be mitigated.
What approach should you recommend?
- A. Export log data to BigQuery with custom scopes.
- B. Use a third-party tool.
- C. Use App Script and filter views within a Google Sheet.
- D. Create an app using AppMaker and App Script.
Correct Answer: C
QUESTION 15
Your organization has been on G Suite Enterprise for one year.
Recently, an admin turned on public link sharing for Drive files without permission from security. Your CTO wants to get better insight into changes that are made to the G Suite environment.
The chief security officer wants that data brought into your existing SIEM system.
What are two ways you should accomplish this? (Choose two.)
- A. Use the Data Export Tool to export admin audit data to your existing SIEM system.
- B. Use Google Apps Script and the Reports API to export admin audit data to your existing SIEM system.
- C. Use Google Apps Script and the Reports API to export drive audit data to the existing SIEM system.
- D. Use the BigQuery export to send admin audit data to the existing SIEM system via custom code.
- E. Use the BigQuery export to send drive audit data to the existing SIEM system via custom code.
Correct Answer: C, E
QUESTION 16
The executive team for your company has an extended retention policy of two years in place so that they have access to email for a longer period of time.
Your COO has found this useful in the past but when they went to find an email from last year to prove details of a contract in dispute, they were unable to find it. itis no longer in the Trash.
They have requested that you recover it.
What should you do?
- A. Using Vault, perform a search for the email and export the content to a standard format to provide for investigation.
- B. Using the Gmail Audit log, perform a search for the email, export the results, then import with G Suite Migration for Microsoft Outlook.
- C. Using the Message ID, contact Google G Suite support to recover the email, then import with G Suite Migration for Microsoft Outlook.
- D. Using the Vault Audit log, perform a search for the email, export the results. then import with G Suite Migration for Microsoft Outlook.
Correct Answer: A
QUESTION 17
In the years prior to your organization moving to G Suite, it was relatively common practice for users to create consumer Google accounts with their corporate email address (for example, to monitor Analytics, manage AdSense, and collaborate in Docs with other partners who were on G Suite.) You were able to address active employees’ use of consumer accounts during the rollout, and you are now concerned about blocking former employees who could potentially still have access to those services even though they don’t have access to their corporate email account.
What should you do?
- A. Contact Google Enterprise Support to provide a list of all accounts on your domain(s) that access non-G Suite Google services and have them blocked.
- B. Use the Transfer Tool for Unmanaged Accounts to send requests to the former users to transfer their account to your domain as a managed account.
- C. Provide a list of all active employees to the managers of your company’s Analytics, AdSense, etc. accounts, so they can clean up the respective access control lists.
- D. Provision former user accounts with Cloud Identity licenses, generate a new Google password, and place them in an OU with all G Suite and Other Google Services disabled.
Correct Answer: C
QUESTION 18
Your organization has implemented Single Sign-On (SSO) for the multiple cloud-based services it utilizes. During authentication, one service indicates that access to the SSO provider cannot be accessed due to invalid information.
What should you do?
- A. Verify the NameID Element in the SAML Response matches the Assertion Consumer Service (ACS) URL.
- B. Verify the Audience Element in the SAML Response matches the Assertion Consumer Service (ACS) URL.
- C. Verify the Subject attribute in the SAML Response matches the Assertion Consumer Service (ACS) URL.
- D. Verify the Recipient attribute in the SAML Response matches the Assertion Consumer Service (ACS) URL.
Correct Answer: B
Reference:
– Troubleshooting SAML when Auth0 is the Service Provider
QUESTION 19
A user does not follow their usual sign-in pattern and signs in from an unusual location.
What type of alert is triggered by this event?
- A. Suspicious mobile activity alert.
- B. Suspicious login activity alert.
- C. Leaked password alert.
- D. User sign-in alert.
Correct Answer: B
Reference:
– Stop suspicious login activity alerts
QUESTION 20
The application development team has come to you requesting that a new, internal, domain-owned G Suite app be allowed to access Google Drive APIs.
You are currently restricting access to all APIs using approved whitelists, per security policy.
You need to grant access for this app.
What should you do?
- A. Enable all API access for Google Drive.
- B. Enable “trust domain owned apps” setting.
- C. Add OAuth Client ID to Google Drive Trusted List.
- D. Whitelist the app in the G Suite Marketplace.
Correct Answer: C
QUESTION 21
Your company’s Chief Information Security Officer has made a new policy where third-party apps should not have OAuth permissions to Google Drive. You need to
reconfigure current settings to adhere to this policy.
What should you do?
- A. Access the Security Menu> API Reference > disable all API Access.
- B. Access the Security Menu > API Permissions > choose Drive and Disable All Access.
- C. Access the Security Menu > API Permissions > choose Drive and Disable High Risk Access.
- D. Access Apps > G Suite > Drive and Docs > Sharing Settings and disable sharing outside of your domain.
Correct Answer: D
Reference:
– Set Drive users’ sharing permissions
QUESTION 22
How can you monitor increases in user reported Spam as identified by Google?
- A. Review post-delivery activity in the Email logs.
- B. Review user-reported spam in the Investigation Tool.
- C. Review spike in user-reported spam in the Alert center.
- D. Review post-delivery activity in the BigQuery Export.
Correct Answer: C
QUESTION 23
The CFO just informed you that one of their team members wire-transferred money to the wrong account because they received an email that appeared to be from the CFO. The CFO has provided a list of all users that may be responsible for sending wire transfers. The CFO also provided a list of banks the company sends wire transfers to. There are no external users that should be requesting wire transfers. The CFO is working with the bank to resolve the issue and needs your help to ensure that this does not happen again.
What two actions should you take? (Choose two.)
- A. Configure objectionable content to reject messages with the words “wire transfer.”
- B. Verify that DMARC, DKIM, and SPF records are configured correctly for your domain.
- C. Create a rule requiring secure transport for all messages regarding wire transfers.
- D. Add the sender of the wire transfer email to the blocked senders list.
- E. Enable all admin settings in Gmail’s safety > spoofing and authentication.
Correct Answer: B, D
QUESTION 24
Your company is in the process of deploying Google Drive Enterprise for your sales organization. You have discovered that there are many unmanaged accounts across your domain.
Your security team wants to manage these accounts moving forward.
What should you do?
- A. Disable access to all “Other Services” in the G Suite Admin Console.
- B. Use the Transfer Tool for unmanaged accounts to invite users into the domain.
- C. Use the Data Migration Service to transfer the data to a managed account.
- D. Open a support ticket to have Google transfer unmanaged accounts into your domain.
Correct Answer: C
QUESTION 25
Your chief compliance officer is concerned about API access to organization data across different cloud vendors. He has tasked you with compiling a list of applications that have API access to G Suite data, the data they have access to, and the number of users who are using the applications.
How should you compile the data being requested?
- A. Review the authorized applications for each user via the G Suite Admin panel.
- B. Create a survey via Google forms, and collect the application data from users.
- C. Review the token audit log, and compile a list of all the applications and their scopes.
- D. Review the API permissions installed apps list, and export the list.
Correct Answer: A
QUESTION 26
Your organization syncs directory data from Active Directory to G Suite via Google Cloud Directory Sync. Users and Groups are updated from Active Directory on an hourly basis. A user’s last name and primary email address have to be changed. You need to update the user’s data.
What two actions should you take? (Choose two.)
- A. Add the user’s old email address to their account in the G Suite Admin panel.
- B. Change the user’s primary email address in the G Suite Admin panel.
- C. Change the user’s last name in the G Suite Admin panel.
- D. Change the user’s primary email in Active Directory.
- E. Change the user’s last name in Active Directory.
Correct Answer: A, C
QUESTION 27
Your CISO is concerned about third party applications becoming compromised and exposing G Suite data you have made available to them. How could you provide granular insight into what data third party applications are accessing?
What should you do?
- A. Create a report using the OAuth Token Audit Activity logs.
- B. Create a report using the Calendar Audit Activity logs.
- C. Create a report using the Drive Audit Activity logs.
- D. Create a reporting using the API Permissions logs for Installed Apps.
Correct Answer: A
QUESTION 28
Your Security Officer ran the Security Health Check and found the alert that “Installation of mobile applications from unknown sources” was occurring. They have asked you to find a way to prevent that from happening.
Using Mobile Device Management (MDM), you need to configure a policy that will not allow mobile applications to be installed from unknown sources.
What MDM configuration is needed to meet this requirement?
- A. In the Application Management menu, configure the whitelist of apps that Android and iOS devices are allowed to install.
- B. In the Application Management menu, configure the whitelist of apps that Android, iOS devices, and Active Sync devices are allowed to install.
- C. In Android Settings, ensure that “Allow non-Play Store apps from unknown sources installation” is unchecked.
- D. In Device Management > Setup > Device Approvals menu, configure the “Requires Admin approval” option.
Correct Answer: C
Reference:
– Monitor the health of your device management settings
QUESTION 29
After a recent transition to G Suite, helpdesk has received a high volume of password reset requests and cannot respond in a timely manner.
Your manager has asked you to determine how to resolve these requests without relying on additional staff.
What should you do?
- A. Create a custom Google Apps Script to reset passwords.
- B. Use a third-party tool for password recovery.
- C. Enable non-admin password recovery.
- D. Create a Google form to submit reset requests.
Correct Answer: C
Reference:
– Set up password recovery for users
QUESTION 30
Your organization deployed G Suite Enterprise within the last year, with the support of a partner. The deployment was conducted in three stages: Core IT, Google Guides, and full organization.
You have been tasked with developing a targeted ongoing adoption plan for your G Suite organization.
What should you do?
- A. Use Google Guides to deliver ad-hoc training to all of their co-workers and reports.
- B. Use Work Insights to gather adoption metrics and target your training exercises.
- C. Use Reports APIs to gather adoption metrics and Gmail APIs to deliver training content directly.
- D. Use a script to monitor Email attachment types and target users that aren’t using Drive sharing.
Correct Answer: A
QUESTION 31
Your company recently decided to use a cloud-based ticketing system for your customer care needs. You are tasked with rerouting email coming into your customer care address, customercare@your-company.com to the cloud platform’s email address, your-company@cloudprovider.com.
As a security measure, you have mail forwarding disabled at the domain level.
What should you do?
- A. Create a mail contact in the G Suite directory that has an email address of your-company@cloudprovider.com.
- B. Create a rule to forward mail in the customercare@your-company.com mailbox to your-company@cloudprovider.com.
- C. Create a recipient map in the G Suite Admin console that maps customercare@your-company.com to your-company@cloudprovider.com.
- D. Create a content compliance rule in the G Suite Admin console to change route to your-company@cloudprovider.com.
Correct Answer: B
QUESTION 32
Your business partner requests that a new custom cloud application be set up to log in without having separate credentials.
What is your business partner required to provide in order to proceed?
- A. Service provider logout URL.
- B. Service provider ACS URL.
- C. Identity Provider URL.
- D. Service provider certificate.
Correct Answer: B
Reference:
– Set up your own custom SAML application
QUESTION 33
Your organization has recently gone Google, but you are not syncing Groups yet. You plan to sync all of your Active Directory group objects to Google Groups with a single GCDS configuration.
Which scenario could require an alternative deployment strategy?
- A. Some of your Active Directory groups have sensitive group membership.
- B. Some of the Active Directory groups do not have owners.
- C. Some of the Active Directory groups have members external to organization.
- D. Some of the Active Directory groups do not have email addresses.
Correct Answer: C
QUESTION 34
Your company has just received a shipment of ten Chromebooks to be deployed across the company, four of which will be used by remote employees. In order to prepare them for use, you need to register them in G Suite.
What should you do?
- A. Turn on the Chromebook and press Ctrl+Alt+E at the login screen to begin enterprise enrollment.
- B. In Chrome Management | Device Settings, enable Forced Re-enrollment for all devices.
- C. Turn on the chromebook and log in as a Chrome Device admin. Press Ctrl+Alt+E to begin enterprise enrollment.
- D. Instruct the employees to log in to the Chromebook. Upon login, the auto enrollment process will begin.
Correct Answer: A
Reference:
– Enroll devices
QUESTION 35
All Human Resources employees at your company are members of the “HR Department” Team Drive.
The HR Director wants to enact a new policy to restrict access to the “Employee Compensation” subfolder stored on that Team Drive to a small subset of the team.
What should you do?
- A. Use the Drive API to modify the permissions of the Employee Compensation subfolder.
- B. Use the Drive API to modify the permissions of the individual files contained within the subfolder.
- C. Move the contents of the subfolder to a new Team Drive with only the relevant team members.
- D. Move the subfolder to the HR Director’s MyDrive and share it with the relevant team members.
Correct Answer: B
QUESTION 36
User A is a Basic License holder. User B is a Business License holder. These two users, along with many additional users, are in the same organizational unit at the same company. When User A attempts to access Drive, they receive the following error: “We are sorry, but you do not have access to Google Docs Editors.
Please contact your Organization Administrator for access.” User B is not presented with the same error and accesses the service without issues.
How do you provide access to Drive for User A?
- A. Select User A in the Directory, and under the Apps section, check whether Drive and Docs is disabled. If so, enable it in the User record.
- B. In Apps > G Suite > Drive and Docs, select the organizational unit the users are in and enable Drive for the organizational unit.
- C. In Apps > G Suite, determine the Group that has Drive and Docs enabled as a service. Add User A to this group.
- D. Select User A in the Directory, and under the Licenses section, change their license from Basic to Business to add the Drive and Docs service.
Correct Answer: D
QUESTION 37
Your company is deploying Chrome devices.
You want to make sure the machine assigned to the employee can only be signed in to by that employee and no one else.
What two things should you do? (Choose two.)
- A. Disable Guest Mode and Public Sessions.
- B. Enable a Device Policy of Sign In Screen and add the employee email address.
- C. Enroll a 2-Factor hardware key on the device using the employee email address.
- D. Enable a User Policy of Multiple Sign In Access and add just the employee email address.
- E. Enable a Device Policy of Restrict Sign In to List of Users, and add the employee email address.
Correct Answer: B, C
QUESTION 38
The organization has conducted and completed Security Awareness Training (SAT) for all employees. As part of a new security policy, employees who did not complete the SAT have had their accounts suspended.
The CTO has requested to be informed of any accounts that have been re-enabled to ensure no one is in violation of the new security policy.
What should you do?
- A. Enable “Suspicious login” rule – Other Recipients: CTO.
- B. Enable “Suspended user made active” rule – Other Recipients: CTO.
- C. Enable “Email settings changed” rule – -Other Recipients: CTO.
- D. Enable “Suspended user made active” rule and select “Deliver to” Super Administrator(s).
Correct Answer: D
Comments are closed