Your company (your-company.com) just acquired a new business (new-company.com) that is running their email on-premises. It is close to their peak season, so any major changes need to be postponed. However, you need to ensure that the users at the new business can receive email addressed to them using your- company.com into their on-premises email server. You need to set up an email routing policy to accomplish this.
What steps should you take?
Access the Admin Console:
Log in to the Google Workspace Admin console at https://admin.google.com/.
Configure Email Routing:
Navigate to 'Apps' > 'Google Workspace' > 'Gmail' > 'Default routing'.
Set Up Split Delivery:
Create a new default routing rule.
Under 'Add setting,' click on 'Routing.'
In the 'Add setting' box, under 'Inbound,' select 'Configure' next to 'Routing.'
Under 'Add setting,' name your routing policy.
In the 'Email messages to affect' section, specify the conditions for the rule (e.g., recipients in the new-company.com domain).
Route to On-Premises Server:
In the 'Route' section, select 'Modify message' > 'Add more recipients.'
Enter the on-premises email server information (e.g., SMTP relay server) to forward emails to the on-premises server.
Save the rule and ensure it is active.
Test the Configuration:
Send test emails to ensure that emails are correctly routed to the on-premises server as per the split delivery setup.
Monitor the email flow and make adjustments if necessary to ensure smooth operation during the peak season.
Reference
Google Workspace Admin Help: Set up routing for your domain or organization
Google Workspace Admin Help: Configure routing for mail in Google Workspace
Recently your organization has had an increase in messages marked as spam You need to quickly and efficiently obtain detailed information regarding each message What should you do?
Access Security Dashboard: Go to the Google Admin console and navigate to the 'Security' section.
Open Spam Filter Report: In the security dashboard, open the spam filter report.
Filter by Time Period: Select the specific time period you want to analyze.
Review Spam Messages: Review the detailed information regarding each message marked as spam by Google's spam filter.
Take Necessary Actions: Use the information from the report to adjust spam filters, user alerts, or take other necessary actions to manage spam more effectively.
Reference
Security Dashboard
Email Log Search
Your company wants to provide secure access for its employees. The Chief Information Security Officer disabled peripheral access to devices, but wants to enable 2-Step verification. You need to provide secure access to the applications using Google Workspace.
What should you do?
2-Step Verification (2SV):
2-Step Verification adds an extra layer of security by requiring users to verify their identity using a second factor in addition to their password. This helps protect against unauthorized access, even if the password is compromised.
Google Authenticator:
Google Authenticator is a mobile app that generates time-based one-time passcodes (TOTP) for 2SV. It works even when the device is offline, providing a secure and reliable second factor for authentication.
Implementation Steps:
Enable 2-Step Verification:
Go to the Google Admin console (admin.google.com).
Navigate to Security > Authentication > 2-Step Verification.
Turn on 2-Step Verification for the organization.
Deploy Google Authenticator:
Instruct users to download the Google Authenticator app from their respective app stores (iOS or Android).
Provide guidance on setting up Google Authenticator with their Google Workspace accounts.
Users will scan a QR code provided during the setup process to link their account with the Authenticator app.
Advantages of Google Authenticator:
Security: It provides a highly secure method of 2-step verification as the codes are generated on the user's device and change every 30 seconds.
Ease of Use: It's easy to set up and use, with a straightforward user interface.
Offline Functionality: Codes can be generated even without internet access, ensuring consistent access to 2SV codes.
Why Other Options Are Less Suitable:
A . Enable additional security verification via email:
Email-based verification is less secure than app-based 2SV because email accounts can be more easily compromised.
C . Deploy browser or device certificates via Google Workspace:
While device certificates add security, they are typically used for device management and access control rather than for 2-step verification purposes.
D . Configure USB Yubikeys for all users:
USB Yubikeys are highly secure and suitable for 2SV, but they require physical distribution and management of hardware tokens, which can be logistically complex and costly. Given the context of disabled peripheral access, this option might contradict the policy of the Chief Information Security Officer.
Google Workspace Admin Help: Set up 2-Step Verification
Google Workspace Security: 2-Step Verification
The security team for your organization is concerned about phishlng attacks against your end user base. What two actions should you take to configure the strongest possible preventative measure against phishing attacks?
Choose 2 answers
Access Admin Console: Go to admin.google.com and sign in with your admin account.
Navigate to Gmail Settings: In the Admin console, go to Apps > Google Workspace > Gmail > Safety.
Configure Spoofing and Authentication Controls:
Set up email authentication policies such as SPF, DKIM, and DMARC to verify incoming emails.
Enable options to quarantine messages that fail authentication checks and are perceived as threats.
Configure warnings for users to alert them about potentially harmful messages.
Create Compliance Rules: Under the Gmail settings, create rules that quarantine suspicious emails and notify users when they receive messages that might be phishing attempts.
Train Users: Educate users on how to recognize phishing attempts and the importance of marking suspicious emails as spam.
By configuring these settings, you enhance the security against phishing attacks by both automatically handling suspected threats and making users aware of potential dangers.
Reference
Protect against spam and phishing with Gmail
Set up email authentication (SPF, DKIM, DMARC)
Your company is using Google Workspace Enterprise Plus, and the Human Resources (HR) department is asking for access to Work Insights to analyze adoption of Google Workspace for all company employees. You assigned a custom role with the work Insights permission set as ''view data for all teams'' to the HR group, but it is reporting an error when accessing the application. What should you do?
Access Admin Console: Log in to the Google Admin console.
Navigate to Work Insights Settings: Go to Apps > Additional Google services > Work Insights.
Turn On Work Insights: Ensure that the Work Insights app is enabled for all employees in the organization.
Verify Permissions: Confirm that the custom role with ''view data for all teams'' permission is correctly assigned to the HR group.
Test Access: Ask HR users to try accessing Work Insights again to ensure that the error is resolved.
Monitor and Review: Monitor the access and usage to ensure that HR can analyze the adoption of Google Workspace without further issues.
Google Workspace Admin Help - Turn Work Insights On or Off
Google Workspace Admin Help - Work Insights Permissions
