Google Workspace Deployment Services Credential Answers
- Exam questions: 54
- Target Passing Rate = 75%
- All questions are weighted evenly (no credit for partially correct answers).
All answers to pass this certification are only in our .PDF file, you can buy and download here:
Questions:
- January 31
- January 15
- March 1
- February 15
- Never. Mappings are included in the GWMME control file.
- The mapping file is required for all Gmail, Contacts and Calendar migrations.
- When migrating from an IMAP server.
- When you need to migrate Calendars and the legacy email addresses are different from the Google Workspace addresses.
Which two types of data CANNOT be retained using Google Workspace Vault?
Select 2 Correct Responses
- Off-the-record Chat conversations
- On-the-record Chat conversations
- Google Sheets
- Calendar Entries
- Google Slides
- Use the Google Workspace Admin console to disable all OAuth access to the selected services
- Set an alert for all installations of Marketplace applications to trigger an action to suspend a user until the application is removed
- Use the Admin SDK API to run a script that removes access to all applications on a scheduled basis
- Disable users from installing applications in the Marketplace in the Google Workspace Admin console
- Set up split delivery in their legacy mail system and forward all Google Workspace user mail to aspmx.l.google.com
- Create a Google Group for all legacy mail system users and place the group in an organizational unit that has a “Default Routing” setting to the legacy mail system.
- Add legacy mail system users to an organizational unit and configure a Routing setting to direct mail to the legacy system.
- Place all legacy users in an organizational unit and configure the outbound gateway to the IP address of the legacy mail system.
Select 2 Correct Responses
- Check “Automatically detect external IP” in the Inbound gateway configuration.
- Add the IP address for gateway1 to the Inbound gateway setting.
- Add IP addresses for both gateway1 and gateway2 to the email whitelist.
- Add IPs for both gateway1 and gateway2 to the Inbound gateway setting.
- Ensure that all inbound messages receive a custom header to bypass Google spam checks
Select 2 Correct Responses
- The session timeout setting on a third party SSO provider is set longer than the Google session configuration
- Users reporting the issue are on mobile devices which are not subject to the authentication timeout
- An IP whitelist has been configured which takes priority over the session control
- Only Gmail and Drive are subject to session control and user’s are probably using other services
- Users are members of an administrative role that is not subject to session timeout length
- Google-provided Gmail app
- Google Sync (Microsoft ActiveSync)
- Adding an account type of “Google” through the Mail, Calendar, and Contacts menu
- iOS Sync
- Exchange web services must be opened on port 443 for https://calendar.google.com
- Exchange web services must be opened on port 443 for all of Google’s IPv6 net blocks
- Exchange web services must be opened on port 443 for all of Google’s IP blocks
- Exchange web services must be opened on port 443 for a small subset of Google’s IP blocks
- Future events on the user’s primary calendar are cancelled 21 days later. No cancellation emails are sent.
- Future events are cancelled on the user’s primary calendar immediately. Cancellation emails are sent.
- All events are cancelled on the users primary calendar immediately. No cancellation emails are sent.
- Future events on the user’s primary and secondary calendars are cancelled 21 days later. No cancellation emails are sent.
- Register apps.altostrat.com as the primary domain for Google Workspace.
- Point the MX records for altostrat.com to aspmx.l.google.com.
- Point the MX record for apps.altostrat.com to aspmx.l.google.com.
- Add apps.altostrat.com as an alias Google Workspace domain.
Which Gmail policy type can alter the inbound route of email for specific users?
- Internal-receiving
- Content compliance
- Default routing
- Inbound gateway
What is Google’s recommended network protocol for Google Meet traffic?
- QUIC
- Unsecured TCP
- Secured UDP
- Secured TCP
- Unsecured UDP
- Configure super administrator access for each administrator and assign them to specific OUs.
- Use a group filter to delegate administrative rights to specific users based on group membership.
- Move each IT administrator into the same OU as the users in their respective region and grant them the “User Management Admin” system role.
- Delegate administrators to specific OUs using the “User Management Admin” system role.
- Executives and IT staff
- 25% of users from technical teams
- 10% of users from across all business units
- IT staff and the project team
- Chrome extensions are controlled only at the user level and must be restricted only through written policies
- The customer should create Chrome manifest files to whitelist extensions during deployment of Chrome browser
- Use the Google Admin console to deploy only approved extensions to all users
- Use Google provided group policy templates (.adm and .admx) to create a centrally controlled level of restriction
- Chrome browser natively inspects and verifies all extensions by default so no further action is needed
Select 2 Correct Responses
- Use the Admin console to manually provision users.
- Divide the employees into separate Google Workspace instances based on Active Directory membership.
- Consolidate all forests into a single Active Directory.
- Configure a dedicated (aggregated) LDAP system for GCDS provisioning.
- Configure a single instance of GCDS using a reverse proxy to connect to all forests.
- Selective enforcement for diverse user populations
- Allow custom grace periods for new employees to enroll in 2SV
- Admins can enroll and enforce users in 2SV automatically
- Enforcement from a specific date
- Give users the ability to choose “trusted devices” for less frequent 2SV challenges
- Ensure that Google Workspace users do not appear in the Exchange Global Address List.
- Create a “Google Calendar” group in Exchange and add all Google Workspace users to this group.
- Create a role account in Google Workspace to be used by Exchange to get each Google user’s availability information.
- Move the Google Workspace users to a specific organizational unit (OU) and enable calendar sharing.
Which of the following is true when handling conflict accounts with Google Workspace customers?
- User’s can decide whether to allow their existing address and data to be added to the corporate Google Workspace tenant
- Administrators can opt-in all existing conflict accounts to be added to the corporate Google Workspace tenant
- User’s can decide whether to allow their existing address to be added to the corporate Google Workspace tenant
- User’s can decide whether to allow their existing data to be added to the corporate Google Workspace tenant
- Proxy all network connections to Google through a centralized location and closely measure that location’s bandwidth usage.
- Perform DNS lookups geographically close to users
- Use a reverse proxy within your network perimeter
- Proxy enterprise Google Workspace traffic separately from other traffic via Google’s netblocks
- Implement a cloud access security broker (CASB) to funnel all requests to Google
- The administrator entered an incorrect value for the User Email Address attribute.
- The administrator set the Groups search rule to (&(objectclass=group)(mail=*)).
- The administrator set the Groups search rule to (objectclass=group).
- The administrator left the Groups search rule blank.
- Install GWMME on the Exchange server.
- Create a Service account and authorize its Client ID in the Google Workspace Admin console domain.
- Enable IMAP in Exchange.
- Decrypt personal contacts.
- Use the phishing classification via the Gmail API to remove the message
- Search for and remove the message from all mailboxes via the Admin Console Investigation Tool
- Send an email to all users notifying them of the incident and instructing them to remove the message in question.
- Use Google Workspace Vault to remove the message from all mailboxes
- Use IMAP to connect to mailboxes and remove the message
- Turn off Gmail for consumer accounts in the organizational service settings in the Google Workspace Admin console.
- Create a CNAME record for gmail.com in your DNS settings to redirect consumer traffic.
- Add a “X-GoogApps-Allowed-Domains HTTP header” header to outbound Google Workspace traffic at your network perimeter.
- Disallowing access to consumer Gmail can only be accomplished via written policy versus technical means
- 25 GB of mail storage capacity
- 100 Auto-forward mail filters
- 50,000 received messages per day
- 4 GB of bandwidth per day (upload and download)
- 2,000 sent messages per day
Which API can you use to list, create, and modify Google Workspace users?
- Google Workspace Admin Settings API
- Google Google Workspace Users API
- Admin SDK Directory API
- Admin SDK Enterprise License Manager API
- Google Domain Shared Contacts API
Select 3 Correct Responses
- Quarantine
- Deliver with modification
- Reject
- Suspend User
- Deliver after time interval
- Full access to calendar events across recent Exchange platforms
- Sophisticated mail routing rules for moving email between platforms
- Federation for XMPP standard based chat systems
- Presence in Microsoft Office files to detect when it’s safe to edit document
- Shared video conferencing between SIP/H.323 systems
- Add domain shared contact records for the Antarctic users.
- Add user accounts for the Antarctica users, but suspend their accounts.
- Create an organizational unit for only the Antarctica users.
- Add a new contact for each Antarctica user in the administrator’s “My Contacts” list.
- user@yourdomain.com, user@yourdomain.com, Google Workspace password
- user@yourdomain.com, user@yourdomain.com
- user@yourdomain.com
- user@yourdomain.com, user@yourdomain.com, Google Workspace Organizational Unit
- v=spf1 include:_ghs.google.com ~all
- v=spf1 a:google.com mx ptr ~all
- v=spf1 a:aspmx.l.google.com -all
- v=spf1 include:_spf.google.com ~all
- v=spf1 include:_spf.google.com -all
- Obtain the message ID from the sender and use the Gmail API to locate the message.
- Obtain the message ID from the sender and use the Email Log Search feature to confirm the post delivery message status.
- Use the Email Log Search feature in the Admin console to confirm whether the message was delivered using sender and recipient SMTP addresses.
- Use the subject of the message and the Email Log Search feature to confirm the post delivery message status.
- Configure a whitelist of iOS apps to be installed as managed applications.
- Disable Google Sync.
- Enable device activation.
- Install and set up the Apple Push Certificate.
- Ensure that Password Sync is installed on their Windows Server Core with the Active Directory role.
- Ensure that Google Cloud Directory Sync (GCDS) has completed the initial password sync.
- Ensure that Password Sync is installed on every writable domain controller.
- Ensure that Password Sync is installed on their Microsoft Exchange Server.
- Strategically deploy Drive File Stream only to users with ample network bandwidth
- Use registry (Windows) and defaults (macOS) controls on specific clients to reduce requirements
- Allow only Google native files to be streamed to reduce bandwidth
- Drive File Stream automatically scans networks for available bandwidth and reduces usage
- Use the bandwidth controls in the Google Admin console to reduce requirements
- Configure a web address mapping in the site settings.
- Create a TXT record that contains “name: myproject value:altostrat.com.”
- Configure a web address mapping in the Admin console.
- Create a CNAME record that points myproject.altostrat.com to google.com.
Which of the following is true regarding Google’s native mobile device management (MDM) platform?
- Basic mode MDM is enabled by default for all Google Workspace accounts
- Advanced mode MDM is enabled by default for all Google Workspace accounts
- Basic mode MDM is required for all accounts that use third party MDM providers
- Advanced mode MDM is required for all accounts that use third party MDM providers
What of the following is NOT required to use Endpoint Verification?
- Chrome browser
- Chrome OS
- Endpoint Verification Chrome extension
- Endpoint Verification custom executable
- Applications that rely on certificate based authentication to access an account programmatically
- Applications that rely on plain SSO authentication to access an account programmatically
- Applications that rely on plain authentication to access an account programmatically
- Applications that rely on username/password authentication to access an account programmatically
An organization has the following Vault rules configured:
-A default rule that retains messages for 5 years.
-A custom rule that retains messages with label “misc” for 3 years.
“An organization has the following Vault rules configured:
-A default rule that retains messages for 5 years.
-A custom rule that retains messages with label “misc” for 3 years.
For a conversation started on 1/1/2013, if a user put the “misc” label on a single message in the conversation sent on February 1, 2013, what will the status of all messages in the conversation be on February 1, 2016?
- All messages up to the labelled message are deleted. All messages sent after are retained until 2018.
- All messages up to the labelled message are kept. All messages sent after are removed.
- None of the messages are deleted.
- All of the messages are deleted.
- Sign the GWMHN templates with the migration server ID or the ID of a user who has the rights to run agents on the server.
- Sign the GWMHN templates with a special Google ID and grant the ID full access to all of the organization’s mail servers.
- Place GWMHN in a separate Domino organization and cross-certify it with the customer organization.
- Install a GWMHN instance on each of the organization’s mail servers.
- Good device policy application must be installed on all devices
- Both Google advanced and basic mode MDM must be disabled
- Users will not require Android Enterprise because it only works with Google MDM
- Google advanced mode MDM must be disabled
- No native Google applications will be used by users for access Google Workspace data
Select 2 Correct Responses
- ICS
- MBOX
- Microsoft Exchange profile
- PST
- CSV
- SMS text of pin code
- Google Authenticator code
- Voice call pin code
- Employee ID
- Recovery email account
Select 2 Correct Responses
- Request additional quota in the Developer Console project.
- Implement exponential back-off in your code
- Add the Override_Rate_Limit header to each API request.
- Insert a delay between each API call in your code.
- Batch your requests.
- Individual user accounts must always consent to having their data accessed
- A support ticket can be filed with Google support to allow time based access to user data by the super administrator
- User accounts can be granted the ‘Data Authority’ administrative role to access other user’s data
- Grant a service account domain-wide delegation of authority
- Super administrators get access to all user data by default in Google Workspace
- Salted SHA-1 over HTTP
- Clear text over HTTP
- Salted SHA-512 over HTTPS
- Clear text over HTTPS
- MD-5 over HTTPS
What is Google’s maximum suggested latency for Google Meet?
- 3,000ms
- 400ms
- 1,000ms
- 100ms
- 20ms
- Recommend that they talk to the recipient’s domain administrators and request being added to their whitelist.
- Create a Google provided CNAME record in their DNS settings.
- Ensure that SPF, DKIM, and DMARC are set up correctly for their domain.
- Add the recipient domains to the outbound whitelist in Google Workspace.
What is Google’s recommended approach for analyzing patterns in mail flow for large organizations?
- Use the “export Gmail traffic” option in the Google Workspace Admin console to download all data in .csv format for use in the tool of their choice
- Use Google Workspace’s Big Query export functionality and use the SQL interface for analyzing patterns
- Google Workspace provides customizable graphs directly in the Google Workspace Admin console for this purpose
- Use in-line network monitoring tools to capture packet level data for advanced analytics
- Add newdomain.com as an additional domain in the Google Workspace Admin console of domain.com; then use the MAKE PRIMARY option to promote newdomain.com as the account’s primary domain.
- Provision newdomain.com as a new primary domain. Use domain whitelisting from newdomain.com to domain.com to allow users to sign in to newdomain.com.
- Provision newdomain.com as a new primary domain. Use the Domains.get method of the Directory API to merge domain.com into newdomain.com.
- Add newdomain.com as a domain alias to domain.com; allow users to sign in using their primary address or their domain alias address.
Select 2 Correct Responses
- Move the user in Google to an organization unit (OU) with the Calendar service disabled.
- Suspend the user in Google.
- Disable sharing of the user’s primary Google calendar within their organization.
- Add the user to the “Exchange Calendar” Google Group.
- Delete the user’s primary Google calendar.
- Google Workspace Sync for Microsoft Outlook
- Google Workspace Migration for Microsoft Outlook
- Android device using Android sync
- Google Admin console