G Suite Exam & Credentials

This G Suite Deployment Services Specialist exam measures your ability to accomplish technical tasks in the areas listed below:

Planning and Designing a G Suite Deployment
Provisioning domains, users, groups, org units, and other resources
Configuring and managing mail routing
Migrating data to G Suite
Configuring and managing G Suite services and associated settings
Implementing and managing authentication and security
Configuring and managing mobile devices
Configuring and managing coexistence
Ensuring Customer Success Post-Deployment

Exam Preparation:
- Before taking the exam, we recommend that you have professional IT experience, and have done at least two G Suite deployments that have some technical complexity and data migration work.
- You should have experience with Google Cloud Directory Sync and server side migration tools, such as G Suite Migration for Microsoft Exchange.
- You should also be familiar with the G Suite Customer Success Methodology and deployment resources available on GCC.
- In addition, we highly recommend you take the optional ‘Deployment Basics’ training in this learning path.

---------------------

While using Google Cloud Directory Sync (GCDS) to provision groups, an administrator notices that GCDS creates the desired groups, but does not populate them with users. What is the most likely cause of this problem?
Choose an answer:

The administrator set the Groups search rule to (objectclass=group).
The administrator set the Groups search rule to (&(objectclass=group)(mail=*)).
The administrator left the Groups search rule blank.
The administrator entered an incorrect value for the User Email Address attribute.

A customer has set the Google session control expiration for 8 hours, but reports that users are not being prompted to re-authenticate as expected. What are the two possible causes of this issue?
Choose an answer:

Only Gmail and Drive are subject to session control and user’s are probably using other services
Users reporting the issue are on mobile devices which are not subject to the authentication timeout
Users are members of an administrative role that is not subject to session timeout length
The session timeout setting on a third party SSO provider is set longer than the Google session configuration
An IP whitelist has been configured which takes priority over the session control

An organization's MX record points to an inbound mail gateway (gateway1) that must relay all messages through a second gateway (gateway2) before sending messages to Gmail. What are the two Google recommended settings in this architecture?
Choose an answer:

Check "Automatically detect external IP" in the Inbound gateway configuration.
Add IP addresses for both gateway1 and gateway2 to the email whitelist.
Add the IP address for gateway1 to the Inbound gateway setting.
Add IPs for both gateway1 and gateway2 to the Inbound gateway setting.
Ensure that all inbound messages receive a custom header to bypass Google spam checks

Which Gmail policy type can alter the inbound route of email for specific users?
Choose an answer:

Internal-receiving
Default routing
Inbound gateway
Content compliance

Due to security requirements, an organization requires blocking access to consumer Gmail (gmail.com) while allowing enterprise G Suite account access (company.com). How is this accomplished?
Choose an answer:

Disallowing access to consumer Gmail can only be accomplished via written policy versus technical means
Create a CNAME record for gmail.com in your DNS settings to redirect consumer traffic.
Turn off Gmail for consumer accounts in the organizational service settings in the G Suite Admin console.
Add a "X-GoogApps-Allowed-Domains HTTP header" header to outbound G Suite traffic at your network perimeter.

Which two of the following are supported by G Suite Migration for Microsoft Exchange (GSMME)?
Choose an answer:

Microsoft Exchange profile
ICS
PST
MBOX
CSV

What of the following is NOT required to use Endpoint Verification?
Choose an answer:

Endpoint Verification custom executable
Chrome browser
Chrome OS
Endpoint Verification Chrome extension

Which of the following is true regarding Google’s native mobile device management (MDM) platform?
Choose an answer:

Basic mode MDM is required for all accounts that use third party MDM providers
Advanced mode MDM is enabled by default for all G Suite accounts
Advanced mode MDM is required for all accounts that use third party MDM providers
Basic mode MDM is enabled by default for all G Suite accounts

What is Google's recommended approach for analyzing patterns in mail flow for large organizations?
Choose an answer:

Use G Suite’s Big Query export functionality and use the SQL interface for analyzing patterns
Use in-line network monitoring tools to capture packet level data for advanced analytics
Use the "export Gmail traffic" option in the G Suite Admin console to download all data in .csv format for use in the tool of their choice
G Suite provides customizable graphs directly in the G Suite Admin console for this purpose

An organization's primary mail domain is ‘altostrat.com’. They would like to set up dual delivery of mail and have chosen the subdomain ‘apps.altostrat.com’ to facilitate mail routing to G Suite. Which action must they take?
Choose an answer:

Point the MX records for altostrat.com to aspmx.l.google.com.
Add apps.altostrat.com as a secondary G Suite domain.
Point the MX record for apps.altostrat.com to aspmx.l.google.com.
Register apps.altostrat.com as the primary domain for G Suite.

An organization with 10,000 employees has multiple Active Directory forests within their environment. When provisioning users for G Suite, which two actions does Google recommend when possible?
Choose an answer:

Use the Admin console to manually provision users.
Configure a dedicated (aggregated) LDAP system for GCDS provisioning.
Divide the employees into separate G Suite instances based on Active Directory membership.
Consolidate all forests into a single Active Directory.
Configure a single instance of GCDS using a reverse proxy to connect to all forests.

Which two types of data CANNOT be retained using G Suite Vault?
Choose an answer:

Google Slides
Off-the-record Chat conversations
Email
On-the-record Chat conversations
Google Sheets
Calendar Entries

An organization has created a G Suite Vault default retention rule which retains all Gmail messages for all users in the domain for 30 days. There are no active custom rules. A user receives a message on January 1. The user deletes the message and empties it from Trash on January 15. What is the earliest date on which the message will no longer be searchable in Vault?
Choose an answer:

Februray 15
March 1
January 31
January 15

A 300-person company is running Microsoft Exchange 2010. G Suite Migration for Microsoft Exchange (GSMME) will be used to migrate data from Exchange to G Suite. Which action must be taken to run GSMME?
Choose an answer:

Enable IMAP in Exchange.
Decrypt personal contacts.
Create a Service account and authorize its Client ID in the G Suite Admin console domain.
Install GSMME on the Exchange server

An organization has successfully installed G Suite Password Sync (GSPS) in their environment. They report that not all Active Directory user passwords are syncing to G Suite. What should they do to resolve this problem?
Choose an answer:

Ensure that GSPS is installed on their Windows Server Core with the Active Directory role.
Ensure that GSPS is installed on every writable domain controller.
Ensure that Google Cloud Directory Sync (GCDS) has completed the initial password sync.
Ensure that GSPS is installed on their Microsoft Exchange Server.

A customer moving to G Suite wants to replace the current ticketing system with a G Suite account tickets@company.com. Which of the following limits is likely to cause issues with this goal?
Choose an answer:

25 GB of mail storage capacity
100 Auto-forward mail filters
50,000 received messages per day
2,000 sent messages per day
4 GB of bandwidth per day (upload and download)

When using G Suite Password Sync (GSPS) to synchronize passwords, how is the password sent to Google from Active Directory?
Choose an answer:

Salted SHA-1 over HTTP
Clear text over HTTP
Clear text over HTTPS
MD-5 over HTTPS
Salted SHA-512 over HTTPS

Which three of the following actions can be configured for messages matching a content compliance rule?
Choose an answer:

Suspend User
Deliver with modification
Reject
Quarantine
Deliver after time interval SAI

An organization wants to deploy Google Drive File Stream but is concerned about potential implications to their network due to limited bandwidth. What is the Google recommended way to mitigate these concerns?
Choose an answer:

Use the bandwidth controls in the Google Admin console to reduce requirements
Drive File Stream automatically scans networks for available bandwidth and reduces usage
Strategically deploy Drive File Stream only to users with ample network bandwidth
Use registry (Windows) and defaults (macOS) controls on specific clients to reduce requirements
Allow only Google native files to be streamed to reduce bandwidth

You are installing G Suite Migration for IBM Notes (GSMIN) and want to ensure that it will run in the organization's environment. What should you do?
Choose an answer:

Sign the GSMIN templates with the migration server ID or the ID of a user who has the rights to run agents on the server.
Place GSMIN in a separate Domino organization and cross-certify it with the customer organization.
Sign the GSMIN templates with a special Google ID and grant the ID full access to all of the organization's mail servers.
Install a GSMIN instance on each of the organization's mail servers.

An organization wants to enforce policies on iOS devices. Which step must you perform before enabling iOS Sync in the Admin console?
Choose an answer:

Configure a whitelist of iOS apps to be installed as managed applications.
Enable device activation.
Install and set up the Apple Push Certificate.
Disable Google Sync.

You are in the Early Adopters phase of a G Suite deployment. Which set of users does Google recommend that you deploy in this phase?
Choose an answer:

10% of users from across all business units
IT staff and the project team
25% of users from technical teams
Executives and IT staff

An organization wants to achieve optimal network performance when accessing G Suite. Which of the following is a Google recommended best practice for network routing?
Choose an answer:

Proxy enterprise G Suite traffic separately from other traffic via Google's netblocks
Proxy all network connections to Google through a centralized location and closely measure that location's bandwidth usage.
Use a reverse proxy within your network perimeter
Implement a cloud access security broker (CASB) to funnel all requests to Google
Perform DNS lookups geographically close to users

An organization reports that valid email messages sent by their users are being marked as spam by several recipient domains. They ask for your help addressing this issue. What should you do?
Choose an answer:

Recommend that they talk to the recipient’s domain administrators and request being added to their whitelist.
Add the recipient domains to the outbound whitelist in G Suite.
Create a Google provided CNAME record in their DNS settings.
Ensure that SPF, DKIM, and DMARC are set up correctly for their domain.

A customer wants to disable all the G Suite marketplace applications that access Drive and Gmail. What is the recommended approach to disabling users from adding applications that access Drive and Gmail?
Choose an answer:

Use the G Suite Admin console to disable all OAuth access to the selected services
Set an alert for all installations of Marketplace applications to trigger an action to suspend a user until the application is removed
Use the Admin SDK API to run a script that removes access to all applications on a scheduled basis
Disable users from installing applications in the Marketplace in the G Suite Admin console

A G Suite account is set up with a third-party Single Sign-On (SSO) solution. Which access method will require the user to enter their password stored in G Suite versus their SSO login credential?
Choose an answer:

G Suite Migration for Microsoft Outlook
G Suite Sync for Microsoft Outlook
Google Admin console
Android device using Android sync

An organization has configured their domain to automatically cancel calendar events for deleted users in the G Suite Admin console. Which best describes what happens when a user account is deleted?
Choose an answer:

Future events are cancelled on the user's primary calendar immediately. Cancellation emails are sent.
Future events on the user's primary calendar are cancelled 21 days later. No cancellation emails are sent.
Future events on the user's primary and secondary calendars are cancelled 21 days later. No cancellation emails are sent.
All events are cancelled on the users primary calendar immediately. No cancellation emails are sent.

What must an administrator ensure before using a third party mobile device management (MDM) system for G Suite devices?
Choose an answer:

Google advanced mode MDM must be disabled
Good device policy application must be installed on all devices
No native Google applications will be used by users for access G Suite data
Both Google advanced and basic mode MDM must be disabled
Users will not require Android Enterprise because it only works with Google MDM

An organization, domain.com, wants to change their primary G Suite domain to newdomain.com. Which steps will achieve this goal?
Choose an answer:

Add newdomain.com as an additional domain in the G Suite Admin console of domain.com; then use the MAKE PRIMARY option to promote newdomain.com as the account's primary domain.
Add newdomain.com as a domain alias to domain.com; allow users to sign in using their primary address or their domain alias address.
Provision newdomain.com as a new primary domain. Use the Domains.get method of the Directory API to merge domain.com into newdomain.com.
Provision newdomain.com as a new primary domain. Use domain whitelisting from newdomain.com to domain.com to allow users to sign in to newdomain.com.

How can a G Suite administrator programmatically access a user's data without any manual authorization on the user’s part?
Choose an answer:

Individual user accounts must always consent to having their data accessed
Super administrators get access to all user data by default in G Suite
A support ticket can be filed with Google support to allow time based access to user data by the super administrator
User accounts can be granted the ‘Data Authority’ administrative role to access other user’s data
Grant a service account domain-wide delegation of authority

Which of the following is not available as a means of interoperability between G Suite and legacy platforms?
Choose an answer:

Full access to calendar events across recent Exchange platforms
Shared video conferencing between SIP/H.323 systems
Sophisticated mail routing rules for moving email between platforms
Presence in Microsoft Office files to detect when it’s safe to edit document
Federation for XMPP standard based chat systems

You have developed a script that uses the Drive API to add files to Google Drive. The script exits early with a 403: Rate Limit exceeded response from the Google servers. What two steps can you take?
Choose an answer:

Implement exponential back-off in your code
Request additional quota in the Developer Console project.
Batch your requests.
Add the Override_Rate_Limit header to each API request.
Insert a delay between each API call in your code.

Which of the following is true when handling conflict accounts with G Suite customers?
Choose an answer:

Administrators can opt-in all existing conflict accounts to be added to the corporate G Suite tenant
User’s can decide whether to allow their existing address and data to be added to the corporate G Suite tenant
User’s can decide whether to allow their existing data to be added to the corporate G Suite tenant
User’s can decide whether to allow their existing address to be added to the corporate G Suite tenant

An organization has many administrators across different regions and wants to segment the user management by region. How is this accomplished?
Choose an answer:

Delegate administrators to specific OUs using the “User Management Admin” system role.
Move each IT administrator into the same OU as the users in their respective region and grant them the “User Management Admin” system role.
Use a group filter to delegate administrative rights to specific users based on group membership.
Configure super administrator access for each administrator and assign them to specific OUs.

You are migrating Exchange accounts to G Suite with G Suite Migration for Microsoft Exchange (GSMME). When must a mapping file be used?
Choose an answer:

The mapping file is required for all Gmail, Contacts and Calendar migrations.
When you need to migrate Calendars and the legacy email addresses are different from the G Suite addresses.
When migrating from an IMAP server.
Never. Mappings are included in the GSMME control file.

You are working in the G Suite Admin console. You need to block sign-in attempts from applications that do not use modern security standards, and thus are considered less secure. What type of applications should you block?
Choose an answer:

Applications that rely on plain SSO authentication to access an account programmatically
Applications that rely on certificate based authentication to access an account programmatically
Applications that rely on plain authentication to access an account programmatically
Applications that rely on username/password authentication to access an account programmatically

You are using G Suite Calendar Interop for Microsoft Exchange to share availability information between legacy and G Suite calendars. Which of the following must you do to allow Exchange users to see Google Calendar availability information?
Choose an answer:

Create a "Google Calendar" group in Exchange and add all G Suite users to this group.
Move the G Suite users to a specific organizational unit (OU) and enable calendar sharing.
Ensure that G Suite users do not appear in the Exchange Global Address List.
Create a role account in G Suite to be used by Exchange to get each Google user's availability information.

A user created a Google Site in the domain altostrat.com. The user wants to make the site accessible using the URL http://myproject.altostrat.com. What should the administrator do?
Choose an answer:

Create a TXT record that contains "name: myproject value:altostrat.com."
Configure a web address mapping in the site settings.
Configure a web address mapping in the Admin console.
Create a CNAME record that points myproject.altostrat.com to google.com.

Which API can you use to list, create, and modify G Suite users?
Choose an answer:

Admin SDK Enterprise License Manager API
Admin SDK Directory API
G Suite Admin Settings API
Google G Suite Users API
Google Domain Shared Contacts API

Which of the following is required In order to achieve free/busy interoperability between Google and Microsoft Exchange?
Choose an answer:

Exchange web services must be opened on port 443 for https://calendar.google.com
Exchange web services must be opened on port 443 for all of Google’s IPv6 net blocks
Exchange web services must be opened on port 443 for all of Google’s IP blocks
Exchange web services must be opened on port 443 for a small subset of Google’s IP blocks

What is the Google-recommended SPF setting for a domain that uses G Suite as the primary mail system?
Choose an answer:

v=spf1 include:_ghs.google.com ~all
v=spf1 a:google.com mx ptr ~all
v=spf1 a:aspmx.l.google.com -all
v=spf1 include:_spf.google.com ~all
v=spf1 include:_spf.google.com -all

An organization is using Google Calendar Interop for Microsoft Exchange. Users are provisioned in both Google and the legacy environment. When doing lookups from a G Suite account, you want to ensure that free/busy status for a user comes from Exchange. Which two methods should you choose?
Choose an answer:

Move the user in Google to an organization unit (OU) with the Calendar service disabled.
Suspend the user in Google.
Disable sharing of the user's primary Google calendar within their organization.
Add the user to the "Exchange Calendar" Google Group.
Delete the user’s primary Google calendar.

Which access method does NOT allow enforcement of policy controls on iOS devices by G Suite?
Choose an answer:

Google-provided Gmail app
Adding an account type of “Google” through the Mail, Calendar, and Contacts menu
iOS Sync
Google Sync (Microsoft ActiveSync)

Which option do G Suite administrators NOT have for enforcing second factor authentication (2SV) for their users?
Choose an answer:

Give users the ability to choose “trusted devices” for less frequent 2SV challenges
Admins can enroll and enforce users in 2SV automatically
Selective enforcement for diverse user populations
Enforcement from a specific date
Allow custom grace periods for new employees to enroll in 2SV

Which of the following is not a supported source for identifying users during a login challenge to G Suite?
Choose an answer:

Voice call pin code
Recovery email account
SMS text of pin code
Google Authenticator code
Employee ID

As the administrator for your G Suite domain you need to investigate why one of your users didn’t receive an important message. The message was sent to them 45 days ago. What should you do?
Choose an answer:

Obtain the message ID from the sender and use the Gmail API to locate the message.
Use the Email Log Search feature in the Admin console to confirm whether the message was delivered using sender and recipient SMTP addresses.
Obtain the message ID from the sender and use the Email Log Search feature to confirm the post delivery message status.
Use the subject of the message and the Email Log Search feature to confirm the post delivery message status.

An organization is migrating all the employees to G Suite except for a small, independent group of users in Antarctica. You want to include the users in Antarctica in the global address list for G Suite without additional licensing costs. What should you do?
Choose an answer:

Add a new contact for each Antarctica user in the administrator's “My Contacts” list.
Add user accounts for the Antarctica users, but suspend their accounts.
Add domain shared contact records for the Antarctic users.
Create an organizational unit for only the Antarctica users.

What is Google’s recommended network protocol for Hangouts Meet traffic?
Choose an answer:

QUIC
Unsecured TCP
Secured UDP
Secured TCP
Unsecured UDP

A customer with over 25,000 Windows machines wants to enforce strict control over Chrome extensions installed in their environment. What should they do?
Choose an answer:

Chrome browser natively inspects and verifies all extensions by default so no further action is needed
Use the Google Admin console to deploy only approved extensions to all users
The customer should create Chrome manifest files to whitelist extensions during deployment of Chrome browser
Chrome extensions are controlled only at the user level and must be restricted only through written policies
Use Google provided group policy templates (.adm and .admx) to create a centrally controlled level of restriction

A customer reports that a large percentage of their users received a phishing email. The customer wants to immediately remove the message from their environment. What action should they take?
Choose an answer:

Search for and remove the message from all mailboxes via the Admin Console Investigation Tool
Use the phishing classification via the Gmail API to remove the message
Use G Suite Vault to remove the message from all mailboxes
Send an email to all users notifying them of the incident and instructing them to remove the message in question.
Use IMAP to connect to mailboxes and remove the message

An organization has provisioned all of their employees in G Suite and pointed their MX records to Google. They want to configure email for some users to be delivered in Gmail, while email for other users is delivered to a legacy mail system. What should they do?
Choose an answer:

Place all legacy users in an organizational unit and configure the outbound gateway to the IP address of the legacy mail system.
Create a Google Group for all legacy mail system users and place the group in an organizational unit that has a “Default Routing” setting to the legacy mail system.
Add legacy mail system users to an organizational unit and configure a Routing setting to direct mail to the legacy system.
Set up split delivery in their legacy mail system and forward all G Suite user mail to aspmx.l.google.com

"An organization has the following Vault rules configured: -A default rule that retains messages for 5 years. -A custom rule that retains messages with label “misc” for 3 years. For a conversation started on 1/1/2013, if a user put the “misc” label on a single message in the conversation sent on February 1, 2013, what will the status of all messages in the conversation be on February 1, 2016?"
Choose an answer:

All of the messages are deleted.
All messages up to the labelled message are deleted. All messages sent after are retained until 2018.
None of the messages are deleted.
All messages up to the labelled message are kept. All messages sent after are removed.

G Suite Migration for Microsoft Exchange (GSMME) uses a control comma-separated values (CSV) file to map legacy accounts to G Suite accounts. An organization yourdomain.com is migrating from Exchange where user G Suite addresses will remain unchanged from the Exchange environment. How should each user entry be entered into the control file?
Choose an answer:

user@yourdomain.com, user@yourdomain.com, G Suite Organizational Unit
user@yourdomain.com, user@yourdomain.com, G Suite password
user@yourdomain.com, user@yourdomain.com
user@yourdomain.com

What is Google’s maximum suggested latency for Hangouts Meet?
Choose an answer:

20ms
400ms
3,000ms
1,000ms
100ms

G Suite Exam & Credentials

Tuesday, March 19, 2019

G Suite Administrator Fundamentals part 1

Adding Users Quiz

------------

Managing Users

------------

Admin Privileges

G Suite Deployment Services Specialist Exam