workspace1

101.Samantha, an employee from your engineering department, has submitted a help desk ticket. She is unable to share a Google Doc file with Jason, her coworker in the marketing department. However, Samantha is able to share the same file with her colleagues in the engineering department. You must troubleshoot the issue. What should you do?. Confirm if a trust rule is preventing sharing with Jason or someone that belongs to the marketing department. Verify that Samantha's Drive sharing settings in the Admin console allow sharing content outside her organization. Confirm if there is a data protection rule that is preventing the sharing of this particular Google Doc. Instruct Samantha to export a PDF copy of the document and email it to Jason.

102.Your organization has been using Google Workspace for almost a year, and your annual security and risk assessment initiative is approaching. In preparation for the risk assessment, you want to quickly review all the security-related settings for Gmail, Drive, and Calendar, and identify the ones that may be posing risk. What should you do?. Review all the alerts in the Alert center. Review the Security health page in the Admin console. Review all settings for each organizational unit (OU) separately because it is the only way to see the security settings for Workspace apps. Review the Gmail, Drive, and Calendar reports in the Reporting section in the Admin console.

103.Your organization has a data loss prevention (DLP) rule to detect and warn users about external sharing of sensitive files in Google Drive. You also want to prevent external users from downloading files with viewer permissions to their local machines. What should you do?. Do nothing. View-only Drive files automatically prevent the user from downloading the files. Modify the existing DLP rule to Disable download, print, and copy for commenters and viewers. Create a new DLP rule by using the existing content detector conditions, but change the action for the new rule to Disable download, print, and copy for commenters and viewers. Create a new DLP rule and set the scope to the organizational unit or group that you want to restrict.

104.You work for an organization that is headquartered in Washington DC. You want to reliably send email announcements to all employees in the area and update membership automatically. What should you do?. Create a Dynamic Group by using the location condition to keep the distribution list automatically updated based on the employees’ work locations. Create a Security Group and apply the Location label to allow employees to join based on the specified location. Create a Google Group and add all employees in the Washington DC work location. Create a Google Group and set permissions to invite employees to join the group.

105.Your organization is working on a confidential project with details that cannot be shared through email with anyone outside your organization. You want to add controls in Gmail that prevent any mention of the project from being sent by employees. Only the CEO and the CFO can send information about the project over email and without a delay. What should you do?. Configure the Gmail Restrict delivery setting, and add an allowlist with all domains that your employees are allowed to send emails to. Include the CEO and CFO email addresses to the allowlist. Configure a Gmail Content compliance rule for outbound email that quarantines all email mentioning the project. Bypass the rule by using the address list with the CEO and CFO email addresses. Configure a Gmail Content compliance rule for outbound email that quarantines all email mentioning the project. Manually review all quarantined emails and choose to deliver the ones sent by the CEO and CFO. Configure the Gmail Restrict delivery setting for all outgoing messages, except the internal emails. Add the CEO and CFO email addresses to the allowlist.

106.Users at your organization are reporting issues with Google Voice including disconnected calls and overall connection issues. You want to identify whether these issues affect just your organization or whether it's a global Google issue. What should you do?. Use the Security Investigation Tool with Voice Log Events as the data source field. In the search operator fields, select Event, is, and Network Statistics (client). Analyze the packet loss. Verify if there is a service outage for Google Voice reported on the Google Workspace Status Dashboard. Use the Security Investigation Tool with User Log Events as the data source field. In the search operator fields, select Event, is, and Call failed. Analyze the packet loss. Verify if there is a service interruption for Google Voice reported on the Google Workspace Updates Blog website.

107.You have enrolled a new Google Meet hardware device for an existing conference room in your building. Your users report that the new hardware in the conference does not show the expected calendar events. You need to investigate and fix the problem. What should you do?. Make sure that the conference room resource calendar has been created and that the Meet Hardware is associated with that resource. Create a brand new resource calendar and associate the Meet Hardware with that new resource. Use the Meet Quality Tool in the control panel to search for the newly installed Meet Hardware. Make sure the Access permissions for the resource calendar is set to “See all event details”.

108.You work at a large global holding firm with multiple companies that are united under one Google Workspace deployment. You must ensure that employees can only access documents at the company in which they are employed. What should you do?. Create a User group for each company and change Google Drive sharing settings to block external sharing. Create an organizational unit (OU) for each company and disable file sharing. Set up data loss prevention (DLP) rules to prevent specific documents from being shared. Set up Google Drive trust rules to prevent access to documents from individual companies.

109.An employee at your organization is experiencing video call issues in Google Meet, and they were unable to resolve the issues by themselves. You need to troubleshoot the issue. What should you do first?. View the Meet quality report of the employee. Ask your network administrator to add the dedicated Meet IP address range for your users. Restart the device of the employee. Check the Meet settings of the employee.

110.Your organization is migrating to Google Workspace and wants to improve how newly created files are classified. You must find a scalable solution to improve security and transparency on how to handle sensitive files. What should you do?. Set data loss prevention (DLP) policies to label data automatically, disable label locking, and educate users. Create classification labels, enable automatic classification, and educate users. Migrate data to Google Workspace, map classifications, and migrate with the Drive Labels API. Integrate with the Cloud DLP API, map identifiers and classifications, install the Google Drive label client, and run the application.

111.The Google Analytics service is set to OFF for your entire organization. All users in the marketing team OU and a subset of users in the sales OU need access to Analytics. The rest of the organization should not have access. You must configure access in Additional Google services. What should you do?. Enable Google Analytics at the top of the OU structure. Enable Google Analytics for the marketing and sales OUs. Create a group to deny access to Google Analytics and assign it to the sales users who should not have access. Enable Google Analytics for the marketing OU. Create a sub-OU for the sales users under the marketing OU. Enable Google Analytics for the marketing OU. Create a group from the Admin console that includes the sales users, and set Google Analytics to On for that group.

112.Your organization has a strict requirement that your temporary employees can only send emails to and receive emails from specific external domains. You must define a policy in Google Workspace that meets this requirement for users in the temporary employee organizational unit (OU). What should you do?. Create a policy in Gmail settings that rewrites the recipient for outbound messages and quarantines incoming messages to review before delivery. Add the allowed domains when configuring the restrict delivery setting in Gmail settings, and select the box to bypass for internal emails. .Restrict sending and receiving to Google Groups, and carefully curate the temporary employees' memberships. Configure the restrict delivery setting to limit domains that the temporary employees can communicate with. Allow Google Docs sharing notifications.

113.Your default Vault retention policy for Gmail is set to 365 days. Your legal department has just informed you that emails sent and received by the customer support department are sensitive, and must be retained for only 30 days. You must enforce this new retention policy in the simplest way. What should you do?. Change the current default retention policy in Vault for Gmail to 30 days, and apply it to the customer support organizational unit (OU). Configure a custom retention policy for Gmail for 365 days for your domain. Create two custom retention policies in Vault: one for 30 days that is applied to the customer support organizational unit (OU), and one for 365 days that is applied to all other OUs in your directory. Change the current default retention policy for Gmail to 30 days. Configure two custom retention policies in Vault: one for 30 days that is applied to the customer support organizational unit (OU), and one for 365 days that is applied to all other OUs in your directory. Create a custom retention policy in Vault for Gmail for 30 days, and apply it to the customer support organizational unit (OU).

114.Your organization is moving from a legacy mail system to Google Workspace. This move will happen in phases. During the first phase, some of the users in the domain are set up to use a different identity provider (IdP) for logging in. You need to set up multiple IdPs for various users. What should you do?. Enable single sign-on (SSO) with third-party identity providers and exclude the users who are using a different provider. Enable single sign-on (SSO) with Cloud Identity, and use Cloud Directory Sync to manage multiple identity providers. Create Security Assertion Markup Language (SAML) based single sign-on (SSO) profiles and assign them to specific organizational units or groups of users. Nothing. Google uses cookies to establish a user's relationship to a device. This will cover multiple identity providers.

115.By using Account Activity reports, you have flagged several users who are uploading large files. You want to ensure you don't run out of pooled storage and you want to stop the abuse. What should you do first?. Email flagged users with a warning of possible abuse. Use the Security Investigation Tool to set alerts on the flagged users. Warn the flagged users, and purchase more pooled storage to avoid hitting storage quotas. Place the flagged users in a configuration group and set storage limits for the group.

116.The helpdesk at your organization reports that many users in multiple locations are not able to access Gmail, but can access other Workspace services. You must troubleshoot the issue. What should you do first?. Open a ticket with Google Support listing the affected users. Check the Google Workspace status dashboard to see whether there is a disruption in Gmail service availability. Check the Google Workspace release calendar to ensure there's not a Gmail upgrade scheduled. Check network connectivity of the affected users.

117.An employee has been leaking confidential salary information to an external party. You must use Vault to preserve the messages for an investigation. What should you do?. Create a matter and add a hold on the employee's email. Use the security investigation tool to find the messages. Create a hold to preserve the messages. Create a custom retention policy. Use the audit feature to view captured email logs. Use the search and export features to find all the messages sent externally.

118.The compliance team at your organization is conducting a legal investigation into some concerning sales activities of an employee eight months ago. The compliance team contacted you for assistance on the situation. You set up the default Google Vault retention rules so all data is retained only for one year. You must assist the compliance team with the investigation. What should you do?. Do nothing. The retention period has already ended and the evidence has already been purged. Suspend the employee and export all data by using Google Takeout. Assign the compliance team a Google Vault administrator role and create a legal hold for the employee. Assign the compliance team a Google Vault administrator role and change the default retention rules to three years.

119.Your team is collaborating on a new project by using a Google Doc. They are using Doc comments to add numerous questions and suggestions. You want to ensure that sensitive data in the Doc comments does not appear in the recipients’ inboxes when a user is notified that a comment has been assigned to them. What should you do?. Set up an email quarantine to quarantine all incoming emails that contain sensitive data. Disable comments in the Google Doc for your users. Create a Gmail content compliance rule and turn off dynamic email for your team. Create a Gmail content compliance rule to block incoming messages that contain sensitive data.

120.Your organization was recently targeted by a phishing attempt that affected several users. You must efficiently determine the full extent of the phishing attempt and prevent further issues from occurring. What should you do?. 1. Search BigQuery logs for all messages marked as phishing. 2. Require Transport Layer Security (TLS) for all email communications. 3. Instruct all users to reset their passwords. 1. Use email log search to pull all emails for the past three days. 2. Analyze logs of common emails received and contact users. 3. Instruct users on how to create a Gmail filter to block malicious email addresses. 1. Use the security dashboard to view the number of messages showing evidence of potential spoofing, and then use the investigation tool on affected users to remove malicious email. 2. Enable advanced phishing and malware protection. 3. Deploy Google's Password Alert extension for Chrome. 1. Collect phishing samples forwarded from users. 2. Add IP addresses and email addresses to your denylist. 3. Enroll only affected users to multi-factor authentication (MFA).

121.Your organization has offices in Canada, Italy, and the United States. You want to ensure that employees can access corporate Gmail and Drive from these three geographic locations only. What should you do?. Require the use of corporate devices for any access to corporate Gmail and Drive. Use context-aware access to create access levels based on the geographic location, and assign them to corporate Gmail and Drive. Create address lists to restrict the delivery of incoming and outgoing messages, and to block notifications from Google Doc comments. Create data protection rules in Google Workspace that allow data access from only three geographic locations.

122.Your organization has upgraded to a Google Workspace edition with Vault and has hired a new audit team. You are configuring access for this audit team with these privileges: •Chief legal executive - reporting privileges •Legal audit manager - full Vault privileges •Data reviewer - searching privileges. You must enable access for these three roles. What should you do?. Set up Google Vault service as On for these specific users. Assign Google Vault licenses to these users that allow all privileges required for access. Set up an Admin role with minimal Vault privileges and assign the role to all Vault users. Approve additional privileges that are requested through a formal approval process. Set up three different Admin roles with specific privileges that match the audit team’s responsibilities. Assign these Admin roles to the respective users.

123.Employees at your organization frequently and mistakenly delete important emails that they receive from your payroll department. The employees have to file support tickets for the IT team to find and restore these emails. You must provide an automated solution that minimizes IT overhead and prevents these emails from being permanently deleted from their inboxes. What should you do?. Create a content compliance rule that targets internal messages. Use an advanced content match for the sender header to match the payroll department's email. Quarantine the message so that administrators can review the email before they release it to the user. Create an Apps Script project that uses the Gmail API to find any recently deleted emails and automatically restore them to the inboxes. Set the script trigger to be time-driven and run every hour. Create a content compliance rule that targets all internal messages that are sent from the payroll department. Modify the message by prepending a custom subject line to all payroll emails so that employees know not to delete them. Create an activity rule by using Gmail log events with two conditions: one for the event of an email deletion and another that matches the header address to the payroll department's email. Create an action that restores messages. Set the rule to run every hour.

124.An employee has left your organization, and their Drive data must be retained for three years. The retention rule has been set for three years. You must ensure the employee's data is visible in Vault and accessible to the Vault Administrator in the most cost-effective way. What should you do?. Export the user's Drive data from Vault, then delete the user. Assign an Archive User (AU) license to the user. Change ownership of the Drive data to the user's Manager, then delete the user. Suspend the user until the end of the three-year period.

125.Recently, your organization has had an increase in messages marked as spam. You need to quickly and efficiently obtain detailed information regarding each message. What should you do?. Create an investigation by using a SQL query to search for all spam audit logs exported to BigQuery. Send an alert to all users to mark all suspicious Gmail messages as spam and review the Alert center messages. Use Google Vault to put all messages marked as spam in a legal hold and review the messages. Use the spam filter report in the security dashboard to see messages Google's spam filter marked as spam during a specific time period.

126. You work for a midsize organization. Your compliance and audit team sees that users are frequently resetting their passwords. You must provide accurate information and ensure that the compliance team is informed every time a user changes their password. What should you do?. Create a new alert by using user log events and check that event Login type is Google password, and include the compliance team in the email notifications. Check the User's password changed alert in the alert center and include the compliance team in the email notifications. Disable user account recovery so users must contact you before a reset. Enable user account recovery and forward any alert to the compliance team through the alert center.

127. Your global marketing team has over 500 employees. They recently started working with Google Analytics and want to move to managed accounts. You decide to use Google Cloud Directory Sync (GCDS) to sync users from your current identity provider. Your organization currently has no Google Workspace licenses linked to the Admin console. You run GCDS for the first time and receive the following error, “Domain user limit reached.” You need to identify and fix the problem. What should you do?. Ensure that there is a subscription available and enough licenses to sync the new users. Check if GCDS has the correct permissions to run a sync on your domain. Wait 48 hours until the domain is fully provisioned. Update the delete limits of GCDS, and try again.

128. Your organization has users in the United States and Europe. For compliance reasons, you want to ensure that user data is always stored in the region where the user is located. What should you do?. Create two Google Groups titled “United States” and “Europe.” Assign users to either group based on location. Specify a data region policy for each Organizational Unit (OU) where users are grouped by location. Populate the Address field on each user record, ensuring the country information is accurate. Do nothing. No extra configuration is needed because user data is always stored in the region the user is located.

129. You are configuring a customer relationship management (CRM) solution to integrate with Google Workspace services for the sales department at your organization. The CRM solution is in the Google Workspace Marketplace and you deploy the specific CRM solution. Employees report that there are no contacts and documents visible in the CRM solution. You must identify and fix the problem. What should you do?. Check the OAuth scopes, and ensure that Drive and Gmail scopes are granted for the CRM solution. Check if Manage access to apps is set to Allow users to install and run any app from the Marketplace. Revoke all OAuth scopes, and reinstall the CRM solution for just the sales department. Check if the App distribution settings are set to ON for everyone in your organization.

130. You have implemented a data loss prevention (DLP) policy for a specific finance organizational unit. You want to apply the same security policy to a shared drive owned by the finance department in the most efficient manner. What should you do?. In the Admin console sharing settings, select the finance organizational unit and deselect Allow users outside the domain to access files in shared drives. Assign the Shared Drive to the finance organizational unit. Create a new DLP policy for shared drive users. Change the scope of the policy to apply to all in the domain.

131. Your organization has a group of users who interact with sensitive information and their accounts contain valuable files. You need to protect these users from targeted online attacks. What should you do?. Enable 2-Step Verification for those users and recommend they use Google Authenticator. Enable 2-Step Verification for those users and recommend they use SMS codes. Disable password recovery for end users. Enroll all accounts for those users in the Advanced Protection Program.

132. An employee at your company does not need access to their Workspace account while they are on leave for a year. When they return, you need to ensure they have access to their account and that all their data and current emails remain intact. Also, their shared documents must be available to other users. You must accomplish this goal in the most cost-effective way. What should you do?. Assign an Archive User license. Suspend their account in the Admin console. Delete the user after copying their emails and reassigning their documents to their manager. Remove the user license in the Admin console.

133. Employees at your company sent emails with physical file attachments to external recipients. However, it is against company policy to send file attachments externally. You need to enforce the policy and alert the sender. What should you do?. Quarantine messages that contain attachments for all external recipients. Create an attachment compliance rule that removes attachments from external messages and notifies recipients. Create an email denylist to block external mail recipients from receiving messages with physical files attached. Store the files in a shared drive and add the recipients as members.

134. An employee at your organization created a recurring calendar event. When they made edits to the recurring event, none of the event attendees received email notifications with the changes. You collected the Google Calendar IDs and user emails. You must troubleshoot the issue and collect additional information from the event attendees before contacting the Google Support team. What should you do?. Capture the Gmail labels used by the reported user. Capture the number of times the Event is set for recurrence to ensure that the host is not hitting the email limits. Capture the relevant Event IDs and the ICS files by using the Show original option. Capture the laptop OS version of the user to troubleshoot if there are older versions of the event being displayed.

135. Your organization collects information from the public by using a paper form. You want to ensure that employees at your organization can't share images of these forms through email attachments because they contain sensitive information. You have set up a content compliance rule and need to configure the correct settings. What should you do?. Set up a Metadata Match expression. Ensure Optical Character Recognition (OCR) for email attachments is enabled. Set up the rule to prevent all external outgoing emails with attachments of type that match Adobe PDF. Set up the rule to reject all incoming and outgoing emails with images as attachments.

136. An employee left your organization for a competitor and was leaking confidential information externally. You must ensure that the former employee no longer has access to their Workspace account. The manager and the rest of their team still needs access to the documents that they created. You want to keep license costs to a minimum and preserve a legal hold on the Workspace account of the former employee. What should you do?. Rename the Workspace account of the former employee. Delete the Workspace account of the former employee. Disable the Workspace account of the former employee, and switch their license to the Archived user type. Reset the password of the former employee to something complex, and keep the Workspace account license active.

137. A user named Alice is leaving your organization. You need to transfer all of Alice's data from her Drive to Bob's Drive in the most simple and efficient manner possible. What should you do?. Use the Google Admin console to move the files from Alice's Drive to Bob's Drive. Instruct Alice to download all of her files from her Drive and upload them to Bob's Drive. Use the Google Takeout service to export Alice's data to a zip file, and instruct Bob to import the zip file into his Drive. Use the Google Drive API to programmatically transfer the files from Alice's Drive to Bob's Drive.

138. An employee at your organization is unable to send and receive emails by using their mobile device. You must identify the next step to troubleshoot and fix the issue as quickly as possible. What should you do?. Collect more information about the employee’s device, mail client, and error message. Instruct the employee to generate an HTTP Archive (HAR) file recording to start troubleshooting. Tell the employee to reinstall the Gmail application on their phone. Contact Google Workspace support for immediate assistance.

139. Your organization’s legal team is conducting a legal review of an employee. The default retention period for your organization is indefinite. You must assist your legal team with retrieving the employee's emails for a one month period. What should you do?. Create a new Matter inside Google Vault. Specify Gmail, the user, and the timeframe to retrieve messages. Restore the user’s deleted Gmail messages from the Admin console and export the user’s inbox messages by using an API. Specify the time frame and user by using Google Vault’s audit reports. Export the report as a CSV file. Create a new retention rule inside Google Vault. Specify Gmail and the timeframe to retain messages.

140. Your team wants to schedule meetings based on your availability. You need to securely and efficiently share your calendar with your team. What should you do?. Share your calendar with your team. Set the sharing permissions for the calendar to show free/busy details. Create a new group calendar and share it with your team members. Set the sharing permissions for the calendar to show free/busy details. Make your calendar public and set the permissions for events to show free/busy details. Export your calendar and then have your team import it into their Calendar environment.

141. Your organization wants to improve security and will restrict employees from accessing corporate documents while traveling internationally. Employees are still allowed to send and receive emails. You are setting up context- aware access levels and need to configure Workspace to support these security policies. What should you do?. Set up access levels by using geographic origin of where the users are accessing Workspace services as the parameter. Assign this access level to Gmail. Set up access levels by using the users' device operating system as the parameter. Assign this access level to Gmail. Set up access levels by using the users' device operating system as the parameter. Assign this access level to Google Drive. Set up access levels by using the geographic origin of where the users are accessing Workspace services as the parameter. Assign this access level to Google Drive.

142. Two months ago, your organization's board set an ambitious goal to publish a data driven report on the environmental impact of their IT operations. You must provide the data for the board report. Which report should you share?. Monthly update reports. Carbon footprint report. Work insights report. Costs report.

143. Before leaving your organization, an employee in the finance department created and shared documents from My Drive. Their manager wants to keep all the files, but only some of these documents need to be available in the Shared Drive of the finance department. You need to quickly and efficiently delete the Workspace account for the former employee but also ensure that the finance department can access the required files. What should you do?. Before leaving the organization, instruct the employee to create a folder in My Drive, move the documents that need to be shared, then share that folder with the Finance manager and delete the user. Use Google Takeout to download the Drive data and then upload the data back to the Shared Drive of the finance department. Use Google Vault to set a retention policy for the organizational unit (OU) where the former employee resides. In the User Deletion process, transfer ownership of the documents to the manager. After completion, instruct the manager to move the desired documents into the Shared Drive of the finance department.

144. An employee at your organization is going on long-term leave for an unknown period of time. Their teammate is working on a shared project and needs access to all the project files owned by the employee on leave. You must grant access to all these files efficiently. What should you do?. Suspend the Workspace account of the employee who is on leave. Grant the teammate access to the project files by using the transfer ownership functionality. Locate the folder that contains the project files by using the security investigation tool. Make a copy of the files for the teammate. Locate, download, and share the project files with the teammate.

145. An employee at your organization had very poor quality during a Google Meet video call from their laptop. They were at a coffee shop and not on the corporate network during the meeting. You must troubleshoot the issue quickly and efficiently. What should you do first?. Check to see if there was a Google Meet outage at the time of the meeting by using the Google Workspace Status Dashboard. Check the user’s participant statistics by using the Meet quality tool and entering the corresponding meeting code. Check to see if Context-Aware access rules were set to prevent Meet access from the user’s network location. Search for the Meet log events during the time of the Meeting by using the security investigation tool.

146. Your organization has migrated to Google Workspace and has several different tenants from different businesses they have acquired. The IT team is considering whether to consolidate all of their tenants under a single Google Workspace tenant or allow certain domains to have an additional tenant for separation. What approach should you suggest and why?. Single tenant, because it simplifies administration and centralizes policy control. Single tenant, because each business will have a super administrator account to separate responsibilities. Multitenant, because each business prefers to manage itself. Multitenant, because it simplifies user creation and collaboration across domains.

147. Your company maintains a strict privacy policy regarding the external sharing of certain information. You need to scan and block any outgoing email that contains certain sensitive data, such as credit card and national ID numbers. What should you do?. Create a content compliance rule that blocks any outbound email that contains sensitive data. Create a Drive Data Loss Prevention (DLP) rule that blocks content with sensitive data. Create a new Activity rule that sends a High severity alert for any outbound email that contains sensitive data. Create a content compliance rule that warns the user when they’re sending any outbound email that contains sensitive data but still allows sending with proper justification.

148. Your organizational policies require that all documents containing personally identifiable information (PII) are labeled as “Sensitive”. You want to scan all files in your corporate Drive and apply the label to all files containing PII. What should you do?. Create a data protection rule for Drive that automatically applies the label named “Sensitive" to Drive files with PII. Create a data protection rule for Drive that automatically applies a label named “Sensitive” to new Drive files with PII. and requires users to add a label to previously created files with PII. Enable data classification for your corporate Drive. Create a label named “Sensitive" that is automatically applied to all new and previously created files in your domain. Enable data classification for your corporate Drive. Create a label named "Sensitive” that is automatically applied to all new files in your domain.

149. You need to offboard a full team of users at your organization. The organizational policy requires that all data and comments must be retained and available for eDiscovery for at least two years. Google Vault has already been configured. You must determine the most cost effective and flexible approach. What should you do?. Purchase archived user licenses and suspend the users. Purchase archived user licenses and archive the users. Move the users to their own organizational unit (OU) and disable access to Google services. Remove the Google Workspace license and transfer files and data.

150. Your organization's legal department needs to provide access to Google Vault exports for one team member. This team member should be able to view, download, and delete Google Vault exports across the organization. However, this user should be prohibited from creating exports. You must create, assign, and configure a custom role for this user. What should you do?. Add the Manage Exports privilege for the user at the top of the organizational unit structure. Add the Manage Holds and Manage Exports privileges for the user's organizational unit. Add the Manage Exports privilege for the user's organizational unit. Add the Manage Exports and Manage Searches privileges for the user at the top of the organizational unit structure.