|As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted? In the GCDS configuration manager, update the group deletion policy setting to “don't delete Google groups not found in LDAP.” Use the Directory API to check and update the group’s membership after the GCDS sync is completed. Confirm that the base DN for the group email address attribute matches the base DN for the user email address attribute. In the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to “delete only active Google domain users not found in LDAP.”.
Your marketing department needs an easy way for users to share items more appropriately. They want to easily link-share Drive files within the marketing department, without sharing them with your entire company. What should you do to fulfill this request? (Choose two.) Create a shared drive that's shared internally organization-wide. Update Drive sharing for the marketing department to restrict to internal. Create a shared drive for internal marketing use. Update the link sharing default to the marketing team when creating a document. In the admin panel Drive settings, create a target audience that has all of marketing as members.
Your company has a broad, granular IT administration team, and you are in charge of ensuring proper administrative control. One of those teams, the security team, requires access to the Security Investigation Tool. What should you do? Assign the pre-built security admin role to the security team members. Create a Custom Admin Role with the Security Center privileges, and then assign the role to each of the security team members. Assign the Super Admin Role to the security team members. Create a Custom Admin Role with the security settings privilege, and then assign the role to each of the security team members.
Your organization has a new security requirement around data exfiltration on iOS devices. You have a requirement to prevent users from copying content from a Google app (Gmail, Drive, Docs, Sheets, and Slides) in their work account to a Google app in their personal account or a third-party app. What steps should you take from the admin panel to prevent users from copying data from work to non-work apps on iOS devices? Navigate to “Data Protection” setting in Google Admin Console's Device management section and disable the “Allow users to copy data to personal apps” checkbox. Disable “Open Docs in Unmanaged Apps” setting in Google Admin Console’s Device management section. Navigate to Devices > Mobile and endpoints > Universal Settings > General and turn on Basic Mobile Management. Clear the “Allow items created with managed apps to open in unmanaged apps” checkbox.
Your organization recently implemented context-aware access policies for Google Drive to allow users to access Drive only from corporate managed desktops. Unfortunately, some users can still access Drive from non-corporate managed machines. What preliminary checks should you perform to find out why the Context-Aware Access policy is not working as intended? (Choose two.) Confirm that the user has a Google Workspace Enterprise Plus license. Delete and recreate a new Context-Aware Access device policy. Check whether device policy application is installed on users’ devices. Confirm that the user has at least a Google Workspace Business license. Check whether Endpoint Verification is installed on users’ desktops.
Your organization has enabled spoofing protection against unauthenticated domains. You are receiving complaints that email from multiple partners is not being received. While investigating this issue, you find that emails are all being sent to quarantine due to the configured safety setting. What should be the next step to allow uses to review these emails and reduce the internal complaints while keeping your environment secure? Add your partner domains IPs to the Inbound Gateway setting. Change the spoofing protection to deliver the emails to spam instead of quarantining them. Add your partner sending IP addresses to an allowlist. Change the spoofing protection to deliver the emails to inboxes with a custom warning instead of quarantining them.
As the Workspace Administrator, you have been asked to delete a temporary Google Workspace user account in the marketing department. This user has created Drive documents in My Documents that the marketing manager wants to keep after the user is gone and removed from Workspace. The data should be visible only to the marketing manager. As the Workspace Administrator, what should you do to preserve this user's Drive data? In the user deletion process, select “Transfer” in the data in other apps section and add the manager's email address. Use Google Vault to set a retention period on the OU where the users reside. Before deleting the user, add the user to the marketing shared drive as a contributor and move the documents into the new location. Ask the user to create a folder under MyDrive, move the documents to be shared, and then share that folder with the marketing team manager.
As a Google Workspace administrator for your organization, you are tasked with controlling which third-party apps can access Google Workspace data. Before implementing controls, as a first step in this process, you want to review all the third-party apps that have been authorized to access Workspace data. What should you do? Open Admin Console > Security > API Controls > App Access Control > Manage Third Party App Access. Open Admin Console > Security > API Controls > App Access Control > Manage Google Services. Open Admin Console > Security > Less Secure Apps. Open Admin Console > Security > API Controls > App Access Control > Settings.
Your organization wants more visibility into actions taken by Google staff related to your data for audit and security reasons. They are specifically interested in understanding the actions performed by Google support staff with regard to the support cases you have opened with Google. What should you do to gain more visibility? From Google Admin Panel, go to Audit, and select Access Transparency Logs. From Google Admin Panel, go to Audit, and select Login Audit Log. From Google Admin Panel, go to Audit, and select Rules Audit Log. From Google Admin Panel, go to Audit, and select Admin Audit Log.
Your organization recently had a sophisticated malware attack that was propagated through embedded macros in email attachments. As a Workspace administrator, you want to provide an additional layer of anti-malware protection over the conventional malware protection that is built into Gmail. What should you do to protect your users from future unknown malware in email attachments? Run queries in Security Investigation Tool. Turn on advanced phishing and malware protection. Enable Security Sandbox. Enable Gmail confidential mode.
Your organization's information security team has asked you to determine and remediate if a user (firstname.lastname@example.org) has shared any sensitive documents outside of your organization. How would you audit access to documents that the user shared inappropriately? Open Security Investigation Tool-> Drive Log Events. Add two conditions: Visibility Is External, and Actor Is email@example.com. Have the super administrator use the Security API to audit Drive access. As a super administrator, change the access on externally shared Drive files manually under firstname.lastname@example.org. Open Security Dashboard-> File Exposure Report-> Export to Sheet, and filter for email@example.com.
A user is reporting that external, inbound messages from known senders are repeatedly being incorrectly classified as spam. What steps should the admin take to prevent this behavior in the future? Modify the SPF record for your internal domain to include the IPs of the external user's mail servers. Update the spam settings in the Admin Console to be less aggressive. Add the sender's domain to an allowlist via approved senders in the Admin Console. Instruct the user to add the senders to their contacts.
The credentials of several individuals within your organization have recently been stolen. Using the Google Workspace login logs, you have determined that in several cases, the stolen credentials have been used in countries other than the ones your organization works in. What else can you do to increase your organization's defense-in-depth strategy? Implement an IP block on the malicious user's IPs under Security Settings in the Admin Console. Use Context-Aware Access to deny access to Google services from geo locations other than the ones your organization operates in. Enforce higher complexity passwords by rolling it out to the affected users. Use Mobile device management geo-fencing to prevent malicious actors from using these stolen credentials.
You are the Workspace administrator for an international organization with Enterprise Plus Workspace licensing. A third of your employees are located in the United States, another third in Europe, and the other third geographically dispersed around the world. European employees are required to have their data stored in Europe. The current OU structure for your organization is organized by business unit, with no attention to user location. How do you configure Workspace for the fastest end user experience while also ensuring that European user data is contained in Europe? Configure a data region at the top level OU of your organization, and set the value to “Europe”. Add three additional OU structures to designate location within the current OU structure. Assign the corresponding data region to each. Configure a configuration group for European users, and set the data region to “Europe”. Configure three configuration groups within your domain. Assign the appropriate data regions to each corresponding group, but assign no preference to the users outside of the United States and Europe.
As a team manager, you need to create a vacation calendar that your team members can use to share their time off. You want to use the calendar to visualize online status for team members, especially if multiple individuals are on vacation What should you do to create this calendar? Request the creation of a calendar resource, configure the calendar to “Auto-accept invitations that do not conflict,” and give your team “See all event details” access. Create a secondary calendar under your account, and give your team “Make changes to events” access. Request the creation of a calendar resource, configure the calendar to “Automatically add all invitations to this calendar,” and give your team “See only free/busy” access. Create a secondary calendar under your account, and give your team “See only free/busy” access.
Your Finance team has to share quarterly financial reports in Sheets with an external auditor. The external company is not a Workspace customer and allows employees to access public sites such as Gmail and Facebook. How can you provide the ability to securely share content to collaborators that do not have a Google Workspace or consumer (Gmail) account? Allow external sharing with the auditor using the ‘Trusted Domains’ feature. Enable the ‘Visitor Sharing’ feature, and demonstrate it to the Finance team. Use the ‘Publish’ feature in the Sheets editor to share the contents externally. Attach the Sheet file to an email message, and send to the external auditor.
Your organization has noticed several incidents of accidental oversharing inside the organization. Specifically, several users have shared sensitive Google Drive items with the entire organization by clicking ‘anyone in this group with this link can view’. You have been asked by senior management to help users share more appropriately and also to prevent accidental oversharing to the entire organization. How would you best accomplish this? Create groups, add users accordingly, and educate users on how to share to specific groups of people. Disable sharing to the entire organization so that users must consciously add every person who needs access. Determine sharing boundaries for users that work with sensitive information, and then implement target audiences. Temporarily disable the Google Drive service for individuals who continually overshare.
You are a Workspace Administrator with a mix of Business Starter and Standard Licenses for your users. A Business Starter User in your domain mentions that they are running out of Drive Storage Quota. Without deleting data from Drive, what two actions can you take to alleviate the quota concerns for this user? (Choose two.) Add other users as “Editors” on the Drive object, thus spreading the storage quota debt between all of them. Manually export and back up the data locally, and delete the affected files from Drive to alleviate the debt. Make another user the “Owner” of the Drive objects, thus transferring the storage quota debt to them. Perform an API query for large storage drive objects, and delete them, thus alleviating the quota debt. Move the affected items to a Shared Drive. Shared Drives transfer ownership of the drive item to the domain itself, which alleviates the quota debt from that user.
Your organization is preparing to deploy Workspace and will continue using your company’s existing identity provider for authentication and single sign-on (SSO). In order to migrate data from an external system, you were required to provision each user’s account in advance. Your IT team and select users (~5% of the organization) have been using Workspace for configuration and testing purposes. The remainder of the organization can technically access their accounts now, but the IT team wants to block their access until the migrations are complete. What should your organization do? Remove Google Workspace license to prevent users from accessing their accounts now. Suspend users that the organization does not wish to have access. Add the users to the OU with all services disabled. Use Context-Aware Access to simultaneously block access to all services for all users and allow access to all services for the allowed users.
Your company has acquired a new company in Japan and wants to add all employees of the acquisition to your existing Google Workspace domain. The new company will retain its original domain for email addresses and, due to the very sensitive nature of its work, the new employees should not be visible in the global directory. However, they should be visible within each company's separate directory. What should you do to meet these requirements? Create a new Google Workspace domain isolated from the existing one, and create users in the new domain instead. Under Directory Settings > Contact sharing, disable the contact sharing option and wait for 24 hours to allow the settings to propagate before creating the new employee accounts. Redesign your OU organization to have 2 child OUs for each company directly under the root. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the OU. Create one dynamic group for each company based on a custom attribute defining the company. In Directory Settings > Visibility Settings, define custom directories for each company, and set up Visibility according to the dynamic group.
You are in the middle of migrating email from on-premises Microsoft Exchange to Google Workspace. Users that you have already migrated are complaining of messages from internal users going into spam folders. What should you do to ensure that internal messages do not go into Gmail spam while blocking spoofing attempts? Train users to click on Not Spam button for emails. Add all users of your domain to an approved sender list. Force TLS for your domain. Ensure that your inbound gateway is configured with all of your Exchange server IP addresses.
A user is reporting that after they sign in to Gmail, their labels are not loading and buttons are not responsive. What action should you take to troubleshoot this issue with the user? Collect full message headers for examination. Check whether the issue occurs when the user authenticates on a different device or a new incognito window. Check whether a ping test to service.gmail.com (pop.gmail.com or imap.gmail.com) is successful Check whether traceroute to service.gmail.com (pop.gmail.com or imap.gmail.com) is successful.
A retail company has high employee turnover due to the cyclical nature in the consumer space. The increase in leaked confidential content has created the need for a specific administrative role to monitor ongoing employee security investigations. What step should you take to increase the visibility of such investigations? Assign the ‘Services Admin’ role to an administrator with ‘Super Admin’ privileges. Create a ‘Custom Role’ and add all the Google Vault privileges for a new administrator. Validate that the new administrator has access to Google Vault. Create a ‘Custom Role’ and add the ability to manage Google Vault matters, holds, searches, and exports.
A subset of users from the finance and human resources (HR) teams need to share documents with an external vendor. However, external content sharing is prohibited for the entire finance team. What would be the most secure method to enable external sharing for this set of users? Download and attach the documents to a Gmail message, and send them to the external vendor. Move all users from the finance org unit to the HR org unit. Enable ‘Visitor Sharing’ for the entire finance org unit. Create a group with the finance and HR users who need to share externally.
As the newly hired Admin in charge of Google Workspace, you learn that the organization has been using Google Workspace for months and has configured several security rules for accessing Google Drive. A week after you start your role, users start to complain that they cannot access Google Drive anymore from one satellite office and that they receive an error message that “a company policy is blocking access to this app.” The users have no issue with Gmail or Google Calendar. While investigating, you learn that both this office's Internet Service Provider (ISP) and the global IP address when accessing the internet were changed over the weekend. What is the most logical reason for this issue? An access level was defined based on the IP range and applied to Google Drive via Context-Aware Access. Under Drive and Docs > Sharing Settings, the “Whitelisted domains” list needs to be updated to add the new ISP domain. The Network Mask defined in Security > Settings > SSO with 3rd Party IdPs should be updated to reflect the new IP range. You need to raise a ticket to Google Cloud Support to have your new IP ranges registered for Drive API access.
An end user informs you that they are having issues receiving mail from a specific sender that is external to your organization. You believe the issue may be caused by the external entity’s SPF record being incorrectly configured. Which troubleshooting step allows you to examine the full message headers for the offending message to determine why the messages are not being delivered? Use the Postmaster Tools API to pull the message headers. Use the Email Log Search to directly review the message headers. Use the Security Investigation Tool to review the message headers. Perform an SPF record check on the domain to determine whether their SPF record is valid.
You have been asked to support an investigation that your litigation team is conducting. The current default retention policy for mail is 180 days, and there are no custom mail retention policies in place. The litigation team has identified a user who is central to the investigation, and they want to investigate the mail data related to this user without the user's awareness. What two actions should you take? (Choose two.) Move the user to their own Organization Unit, and set a custom retention policy. Create a hold on the user's mailbox in Google Vault. Reset the user's password, and share the new password with the litigation team. Copy the user's data to a secondary account. Create a matter using Google Vault, and share the matter with the litigation team members.
A recent legal investigation requires all emails and Google Drive documents from a specific user to be retrieved. As the administrator, how can you fulfill the legal team's request? Use Security Investigation Tool to Search Google Drive events for all of the user's documents, and use Google Admin > Reports > Email Log Search to find their emails. Search Google Drive for all of the user’s documents, and ask them to forward all of their emails. Use the Gmail API and Google Drive API to automatically collect and export data. Utilize Google Vault to hold, search, and export data of interest.
What steps does an administrator need to take to enforce TLS with a particular domain? Enable email safety features with the receiving domain. Set up secure transport compliance with the receiving domain. Configure an alternate secure route with the receiving domain. Set up DKIM authentication with the receiving domain.
Your company’s Google Workspace primary domain is “mycompany.com,” and it has acquired a startup that is using another cloud provider with a domain named “mystartup.com.” You plan to add all employees from the startup to your Google Workspace domain while preserving their current mail addresses. The startup CEO's email address is firstname.lastname@example.org, which also matches your company CEO's email address as email@example.com, even though they are different people. Each must keep the usage of their email. In addition, your manager asked to have all existing security policies applied for the new employees without any duplication. What should you do to implement the migration? Create a secondary domain, mystartup.com, within your current Google Workspace domain, set up necessary DNS records, and create all startup employees with the secondary domain as their primary email addresses. Create an alias domain, mystartup.com, in your existing Google Workspace domain, set up necessary DNS records, and create all startup employees with the alias domain as their primary email addresses. Create a new Google Workspace domain with “mystartup.com,” and create a trust between both domains for reusing the same security policies and sharing employee information within the companies. Create the startup employees in the “mycompany.com’ domain, and add a number at the end of the user name whenever there is a conflict.
In Gmail > Routing, define a specific route for the OU that targets the startup employees, which will modify the email address domain to “mystartup.com,” and remove any numbers previously added. In addition, confirm that the SPF and DKIM records are properly set.
You are in charge of automating and configuring Google Cloud Directory Sync for your organization. Within the config manager, how can you proactively prevent applying widespread deletions within your Workspace environment if your company’s LDAP undergoes a substantial modification? Manually run Google Cloud Directory Sync only after performing a simulated sync. Specify the minimum and maximum number of objects to synchronize in each configuration item. Configure the tool to delete users only when run from the config manager. Configure limits for the maximum number of deletions on each synchronization.
Your company recently acquired an organization that was not leveraging Google Workspace. Your company is currently using Google Cloud Directory Sync (GCDS) to sync from an LDAP directory into Google Workspace. You want to deploy a second instance of GCDS and apply the same strategy with the newly acquired organization, which also has its users in an LDAP directory. How should you change your GCDS instance to ensure that the setup is successful? (Choose two.) Provide your current GCDS instance with admin credentials to the recently acquired organization's LDAP directory. Add an LDAP sync rule to your current GCDS instance in order to synchronize new users. Set up exclusion rules to ensure that users synced from the acquired organization's LDAP are not, suspended. Set up an additional instance of GCDS running on another server, and handle the acquired organization's synchronization. Upgrade to the multiple LDAP version of GCDS.
A user reached out to the IT department about a Google Group that they own: firstname.lastname@example.org. The group is receiving mail, and each message is also delivered directly to the user's Gmail inbox. The user wants to be able to reply to messages directly from Gmail and have them sent on behalf of the group, not their individual account. Currently, their replies come from their individual account. What would you instruct the user to do? Create a new content compliance rule that matches the user's outgoing messages with the group copied, and have it modify the sender to be the group address. Add the group as an email address that can be sent from within Gmail, and verify that the user has access. They can then choose to reply from the group. Add the user's individual account as a delegate to the group's inbox. They can then toggle between the accounts and use the Gmail interface on behalf of the group. Set the group address to be the default sender within the group's posting policies.
Your organization recently deployed Google Workspace. Your admin team has been very focused on configuring the core services for your environment, which has left you little time to pay attention to other areas. Your security team has just informed you that many users are leveraging unauthorized add-ons, and they are concerned about data exfiltration. The admin team wants you to cut off all add-ons access to Workspace data immediately and block all future add-ons until further notice. However, they approve of users leveraging their Workspace accounts to sign into third-party sites. What should you do? Modify your Marketplace Settings to block users from installing any app from the Marketplace. Set all API services to “restricted access” and ensure that all connected apps have limited access. Remove all client IDs and scopes from the list of domain-wide delegation API clients. Block each connected app's access.
Your organization has just completed migrating users to Workspace. Many employees are concerned about their legacy Microsoft Office documents, including issues of access, editing, and viewing. Which two practices should you use to alleviate user concerns without limiting Workspace collaboration features? (Choose two.) Configure Context-Aware Access policies to block access to Microsoft Office applications. Demonstrate the ability to convert Office documents to native Google file format from Drive. Demonstrate and train users to use the Workspace Migrate tool. Deliver training sessions that show the methods to access and edit native Office files in Drive, the Workspace file editors, and Drive for Desktop. Continue to use installed Office applications along with Google Drive for Desktop.
Your IT team is being asked to fulfill a query by your organization's legal department that requires an MBOX file that will be shared to a third-party partner for eDiscovery. The query must be run on multiple users. Legal has no admin rights to Google Vault. What should you do to fulfil the request? Create a Google Vault matter for each user account, and share the matters to the legal admin. Create a Google Vault matter, search for data, and run an export for the legal department. Use the Investigation Tool to search for the data requested, and export for the legal department. Search for the data in Gmail, and export for the legal department.
Your organization is using Password Sync to sync passwords from Active Directory to Google Workspace. A user changed their network password and cannot log in to Google Workspace with the new password. What steps should you take to troubleshoot this issue? Reinstall Password Sync on all domain controllers. Reauthorize the Password Sync tool in the Google Workspace Admin Console. Confirm that the Password Sync service is running on all domain controllers. Reset the user's password in Active Directory.
Your sales team, which is organized as its own organizational unit, is prone to receiving malicious attachments. What action should you take, as an administrator, to apply an additional layer of protection in the admin console for your sales team without disrupting business operation? Configure an attachment compliance rule to send any emails with attachments received by users within the sales team organizational unit to an administrator quarantine. Configure an attachment compliance rule to strip any attachments received by users within the sales team organizational unit. Configure the security sandbox feature on the sales team organizational unit. Update the Email Allowlist in the admin console to only include IP addresses of known senders.
Your organization does not allow users to share externally. The security team has recently approved an exemption for specific members of the marketing team and sales to share documents with external customers, prospects, and partners. How best would you achieve this? Create a configuration group with the approved users as members, and use it to create a target audience. Enable external sharing for the marketing and sales organizational units. Enable external sharing only to allowlisted domains provided by marketing and sales teams. Create a configuration group with the approved users as members, and enable external sharing for this group.
As a Workspace Administrator, you want to keep an inventory of the computers and mobile devices your company owns in order to track details such as device type and who the device is assigned to. How should you add the devices to the company-owned inventory? Download the company owned inventory template CSV file from the admin panel, enter the serial number of the devices, and upload it back to the company owned inventory in the admin panel. Download the company owned inventory template CSV file from the admin panel, enter the Device OS, serial number and upload it back to the company owned inventory in the admin panel. Download the company owned inventory template CSV file from the admin panel, enter the asset tag of the devices, and upload it back to the company owned inventory in the admin panel. Download the company owned inventory template CSV file from the admin panel, enter the Device OS, asset tag and upload it back to the company owned inventory in the admin panel.
When reloading Gmail in Chrome, the web browser returns a 500 Error. As part of the troubleshooting process, Google support asks you to gather logs. How can this be accomplished? Chrome > Window Context Menu > More Tools > Developer Tools > Network Tab > Reload the page to replicate the error > “Export HAR” Admin.google.com > Reporting > Reports > Apps Reports > Gmail chrome://net-export > Start Logging to Disk > Confirm validity with https://netlog-viewer.appspot.com Chrome > Window Context Menu > More Tools > Task Manager > Screen Capture List of Running Processes.
Your company is using Google Workspace Business Standard. The company has five meeting rooms that are all registered as resources in Google Workspace and used on a daily basis by the employees when organizing meetings. The office layout was changed last weekend, and one of the meeting rooms is now a dedicated room for management. The CEO is complaining that anyone can book the room and requested this room to be used only by the management team and their executive assistants (EAs). No one else must be allowed to book it via Google Calendar. What should you do? As a super administrator, modify the room calendar sharing settings, and limit it to the management and EAs group. Delete the room from Google Workspace resources, and suggest using a spreadsheet shared with the management and EAs only for the room schedule. As a super administrator, create a group calendar named “Management Room,” and share it only with the management and the EAs. Move the room resource to the management and EAs group so that only they can use it.
You act as the Google Workspace Administrator for a company that has just acquired another organization. The acquired company will be migrated into your Workspace environment in 6 months. Management has asked you to ensure that the Google Workspace users you currently manage can efficiently access rich contact information in Workspace for all users. This needs to occur before the migration, and optimally without additional expenditure. What step do you take to populate contact information for all users? Bulk-upload the contact information for these users via CSV into the Google Directory. Use the Domain Shared Contacts API to upload contact information for the acquired company's users. Provision and license Google Workspace accounts for the acquired company's users because they will need accounts in the future. Prepare an uploadable file to be distributed to your end users that allows them to add the acquired company’s user contact information to their personal contacts.
Your organization is about to expand by acquiring two companies, both of which are using Google Workspace. The CISO has mandated that strict ‘No external content sharing’ policies must be in place and followed. How should you securely configure sharing policies to satisfy both the CISO’s mandate while allowing external sharing with the newly acquired companies? Allow external sharing of Drive content for the IT group only. Create a Drive DLP policy that will allow sharing to only domains on an allowlist. Use shared drives to store the content, and share only individual files externally. Let users share files between the two companies by using the ‘Trusted Domains’ feature. Create an allowlist of the trusted domains, and choose sharing settings for the users.
Your company is using Google Workspace Enterprise Plus, and the Human Resources (HR) department is asking for access to Work Insights to analyze adoption of Google Workspace for all company employees. You assigned a custom role with the work Insights permission set as “view data for all teams” to the HR group, but it is reporting an error when accessing the application. What should you do? Allocate the “view data for all teams” permission to all employees of the company. Confirm that the Work Insights app is turned ON for all employees. Confirm in Security > API controls > App Access Controls that Work Insights API is set to “unrestricted.” Confirm in Reports > BigQuery Export that the job is enabled.
You received this email from the head of marketing:
Hello Workspace Admin:
Next week, a new consultant will be starting on the “massive marketing mailing” project. We want to ensure that they can view contact details of the rest of the marketing team, but they should not have access to view contact details of anyone else here at our company. Is this something that you can help with?
What are two of the steps you need to perform to fulfill this request? (Choose two.) Create an isolated OU for the consultants who need the restricted contacts access. Create a group that includes the contacts that the consultant is allowed to view. Apply the role of owner to the consultant in the group settings. Create the consultant inside under the marketing OU. Ensure that you have the Administrator Privilege of Services > Services settings and that Services > Contacts > Contacts Settings Message is set.
A disgruntled employee has left your company and deleted all their email messages and files in Google Drive. The security team is aware that some intellectual property may have surfaced on a public social media site. What is the first step to start an investigation into this leak? Delete the user's account in the Admin Console. Transfer data between end user Workspace accounts. Instruct a Google Vault admin to create a matter, and place all the user data on ‘hold.’ Use Google Vault to export all the user data and share among the security team.