Your business partner requests that a new custom cloud application be set up to log in without having separate credentials. What is your business partner required to provide in order to proceed?

A. Service provider logout URL

B. Service provider ACS URL

C. Identity Provider URL

D. Service provider certificate

Security and Compliance has identified secure third-party applications that should have access to Google Workspace data. You need to restrict third-party access to only approved applications. What two actions should you take? (Choose two.)

A. Whitelist Trusted Apps

B. Disable the Drive SDK

C. Restrict API scopes

D. Disable add-ons for Gmail

E. Whitelist Google Workspace Marketplace apps

The CFO just informed you that one of their team members wire-transferred money to the wrong account because they received an email that appeared to be from the CFO. The CFO has provided a list of all users that may be responsible for sending wire transfers. The CFO also provided a list of banks the company sends wire transfers to. There are no external users that should be requesting wire transfers. The CFO is working with the bank to resolve the issue and needs your help to ensure that this does not happen again.

What two actions should you take? (Choose two.)

A. Configure objectionable content to reject messages with the words "wire transfer."

B. Verify that DMARC, DKIM, and SPF records are configured correctly for your domain.

C. Create a rule requiring secure transport for all messages regarding wire transfers.

D. Add the sender of the wire transfer email to the blocked senders list.

E. Enable all admin settings in Gmail's safety > spoofing and authentication.

Your organization deployed Google Workspace Enterprise within the last year, with the support of a partner. The deployment was conducted in three stages: Core IT, Google Guides, and full organization. You have been tasked with developing a targeted ongoing adoption plan for your Google Workspace organization.

What should you do?

A. Use Google Guides to deliver ad-hoc training to all of their co-workers and reports.

B. Use Work Insights to gather adoption metrics and target your training exercises.

C. Use Reports APIs to gather adoption metrics and Gmail APIs to deliver training content directly.

D. Use a script to monitor Email attachment types and target users that aren't using Drive sharing.

The Director of your Finance department has asked to be alerted if two financial auditors share any files outside the domain. You need to set an Admin Alert on Drive Sharing. What should you do?

A. Create a Google Group that has the two auditors as members, and then create a Drive DLP Rule that is assigned to that Group.

B. Create a Content Compliance rule that looks for outbound share notifications from those two users, and Bcc the Director on those emails.

C. Create two Drive Audit Alerts, one for each user, where the Visibility is "Shared Externally," and email them to the Director.

D. Check the Admin Console Dashboard Insights page periodically for external shares, and notify the Director of any changes.

Your company works regularly with a partner. Your employees regularly send emails to your partner's employees. You want to ensure that the Partner contact information available to your employees will allow them to easily select Partner names and reduce sending errors.

What should you do?

A. Educate users on creating personal contacts for the Partner Employees.

B. Add a secondary domain for the Partner Company and create user entries for each Partner user.

C. Create shared contacts in the Directory using the Directory API.

D. Create shared contacts in the Directory using the Domain Shared Contacts API.

The organization has conducted and completed Security Awareness Training (SAT) for all employees. As part of a new security policy, employees who did not complete the SAT have had their accounts suspended. The CTO has requested to

be informed of any accounts that have been re-enabled to ensure no one is in violation of the new security policy.

What should you do?

A. Enable "Suspicious login" rule - Other Recipients: CTO

B. Enable "Suspended user made active" rule - Other Recipients: CTO

C. Enable "Email settings changed" rule - -Other Recipients: CTO

D. Enable "Suspended user made active" rule and select "Deliver to" Super Administrator(s)

Your organization has recently gone Google, but you are not syncing Groups yet. You plan to sync all of your Active Directory group objects to Google Groups with a single GCDS configuration.

Which scenario could require an alternative deployment strategy?

A. Some of your Active Directory groups have sensitive group membership.

B. Some of the Active Directory groups do not have owners.

C. Some of the Active Directory groups have members external to organization.

D. Some of the Active Directory groups do not have email addresses.

Your company wants to provide secure access for its employees. The Chief Information Security Officer disabled peripheral access to devices, but wants to enable 2-Step verification. You need to provide secure access to the applications using Google Workspace.

What should you do?

A. Enable additional security verification via email.

B. Enable authentication via the Google Authenticator.

C. Deploy browser or device certificates via Google Workspace.

D. Configure USB Yubikeys for all users.

As the Workspace Administrator, you have been asked to configure Google Cloud Directory Sync (GCDS) in order to manage Google Group memberships from an internal LDAP server. However, multiple Google Groups must have their memberships managed manually. When you run the GCDS sync, you notice that these manually managed groups are being deleted. What should you do to prevent these groups from being deleted?

A. In the GCDS configuration manager, update the group deletion policy setting to "don't delete Google groups not found in LDAP."

B. Use the Directory API to check and update the group's membership after the GCDS sync is completed.

C. Confirm that the base DN for the group email address attribute matches the base DN for the user email address attribute.

D. In the user attribute settings of the GCDS configuration manager options, set the Google domain users deletion/suspension policy to "delete only active Google domain users not found in LDAP."