Notes from my Google Cloud Professional Collaboration Engineer Certification Exam

11 min readJan 6, 2020

Subscribe to my YouTube channel that teaches you to apply Google Cloud to your projects and also prepare for the certifications: youtube.com/AwesomeGCP. Check out the playlists I currently have for Associate Cloud Engineer, Professional Architect, Professional Data Engineer, Professional Cloud Developer, Professional Cloud DevOps Engineer, Professional Cloud Network Engineer, and Professional Cloud Security Engineer.

I’ve been through a bunch of these exams and the experience never changes. First, there is no end to how much you can study. The material could go on and on, and you’d still never feel fully prepared. Having said that, the entire scope of the Professional Collaboration Engineer exam is not too wide+deep as compared to the Professional Architect or Professional Data Engineer. But there are lots of details, and at least some is going to catch you off guard during the exam. Second, given that there is no end to studying, one has to take a leap of faith at some point. So I did and came out with another certification. Luckily, I think.

I had also received a 50% off coupon to finish a Professional Google Cloud Certification before the end of the year and the Collaboration Engineer was the only one left. That matched my personal plan also to try and do all the available Google Cloud certifications this year.

Courses and Material

I had started doing the Coursera specialization for the Collaboration engineer a few months ago, but other work/travel came up and I got pulled away into that. I’d also started the Coursera course on Cloud Identity. I thought I had finished that, but realized a couple of days before the exam that I hadn’t. I went through the last of that just before the exam. Since I would have definitely forgotten a good part of the G Suite Admin specialization, I paid for it again so that I could revise. Both those courses were well worth it. The questions in the exam were mostly from within those two course — G Suite Admin Specialization and Cloud Identity. Some parts were not though — like Chrome device management and Hangouts device management. As with other GCP exam preparations, I tried to spend maximum time in the docs — that’s where I have always found the most comprehensive material. Unlike many of the other Google Cloud courses on Coursera, these courses had less videos, more text, and links into the docs. I found this great to quickly revise.

Coursera — Introduction to Cloud Identity

Coursera — G Suite Administration Specialization

I’m also collecting material for this exam in my GitHub repo: https://github.com/sathishvj/awesome-gcp-certifications/blob/master/professional-collaboration-engineer.md. (I encourage you to contribute to it.)

The Exam

This was as was to be expected. 2 hours, about 50 questions, all multiple choice, no case studies, almost all questions were short scenarios. I approach each question slowly, often reading and re-reading the question and options. I finished the exam with about 15 minutes to spare and reviewed the questions for the remaining time. I probably changed one or two answers during the review process. On submitting it at the end, I got a provisional PASS result.

Is this exam for you?

Google Cloud encompasses a wide array of solutions today. This includes G Suite with its offerings like Mail, Calendar, Slides, Drive, Hangouts, etc. There is also the provisioning and management of devices like Chromebook, mobile phones, teleconference equipment, etc. These resources are typically accessed via user identities, either using Google as the Identity Provider (IdP) or via third party IdPs. Managing all of this usually comes under the purview of the IT department. The Collaboration Engineer validates your ability to administer users, G Suite Services, devices, and also migrate from/to alternate office solutions.

This would not be a necessary exam for you if your prime focus is architecting software solutions, planning networking, or data engineering. There is, of course, some overlap in terms of user management and IT security, but that is covered in other certifications.

If you are only a user of G Suite services, then there is the G Suite certification which I’ve covered here.

Exam Difficulty

Personally, I did not find the exam too tough. Most of the G Suite options are logical. I have worked with G Suite for a few years now and managed my own G Suite accounts. So I do have some general knowledge of the subject but I’m not by any stretch of imagination an IT administrator. So it was difficult for me only because of minimum exposure to it via my work. I was, however, able to make up for it by doing the courses and studying the docs.

Exam Topics

* Reports — It is to be expected that management and legal will expect to see multiple kinds of reports. How do you generate these reports? From where? What level of detail do you have to provide? Is it ready made or would you have to take it from somewhere and fix it up?
* Audits — what actions and events are logged? What are the different types of audits?
* Audits — If you had a particular type of event happening, say a data breach or an external attack, where should you be looking for investigation data?
* Apps — Scheduled and Rapid Release — how quickly does G Suite features reach your users? How do you test new features?
* 2SV — What are the ways in which you can secure user access? Which is better under what circumstances? Should you be using authenticator, security keys, disabling passwords, resetting sessions?
* Apps — Configuring SSO and SAML for apps — you’ll have 3rd party apps that you want to use in your organization. How do you verify if they are safe? How do you limit what they can do? How do you enable only them for install by your company’s employees?
* Apps — Settings for apps in own domain — is there a way you can give default access to apps written by your own employees?
* Apps — Access scopes for external apps — maybe you don’t want to give full access to all apps. Ideally, follow the least privilege rule for apps and users.
* Apps — Domain wide delegation — or maybe you do want to give domain wide access to apps. How do you set that up? What are the best practices here?
* Users — deletion/suspension — what happens to data of suspended and deleted users?
* Users — Data of deleted/suspended users — how to get information on users who are active, suspended, deleted?
* Apps — When should you use apps script vs 3rd party tools? Which APIs should be enabled for this?
* GCDS, LDAP, Active Directory and syncing data — you will often have to work with different organizations who have a different user management system. How do you integrate the two? This might also be the situation when users are being migrated, say after a company got acquired.
* GCDS — What happens when GCDS sync fails? These systems might not work perfectly the first time you try it? How should you investigate failures and correct it? Manually using some process or automatically using some configuration changes?
* GCDS — know how the different objects are mapped between Active Directory and G Suite. They don’t all have the same naming convention.
* GCDS — which objects are synced always? Which are never synced? And which are synced only if chosen?
* GCDS — which way are changes synced? Does G Suite allow changes to user info, passwords, etc.?
* GCDS — how do you work with shared contacts and personal contacts?
* Organizational Units — Inheritance of OUs. In a hierarchy of OUs, what are the permissions of an OU lower in the tree? Can it override permissions set above it?
* Access Groups and OUs — Where are OUs used? Where is an Access Group a better option?
* Groups — What are all the different types of groups? Which are used when?
* Groups — What is a Collaborative inbox? What is the use case for a collaborative inbox?
* Groups — What is a web forum? What is the use case for it?
* Mail — SPF, DKIM, DMARC. What are these technologies? How are they useful? How do they make email secure?
* Mail — SPF, DKIM, DMARC — how do you set it? Where do you set it? What are the configuration parameters and what do they indicate?
* Mail — why has email not reached? why is email not seen? How to analyze it using email logs?
* GSuite Toolbox — what is this? How do you use this to investigate issues in your G Suite setup?
* Mail — interaction between different email servers. You might have a situation where you have to manage multiple mail servers, probably from different vendors and not just G Suite. How do you get them to interact correctly. Where should mail go first? Who should forward to whom?
* Mail — email whitelist and blocked list. You want to be able to let through some mail and block other types.
* Security — What are phishing attacks? How to identify them? How to audit and get reports?
* Mail — split and dual delivery. For what use cases are they used?
* Mail — Forwarding email. Admin configuration vs user configuration.
* Mail — what is a recipient map? Where would you use it?
* Mail — how do you ensure consistent company footers and other organisational settings for all email? Or maybe only for external mail?
* Mail — how do you configure routes?
* Mail — which routing settings can you set at an OU level and which at the organization level?
* Mails — SMTP relay, where would you use it and what are the pre-conditions.
* Calendar — Shared Calendar and Calendar resources. Can you have resources attached to only a specific calendar?
* Calendar — how do you sync calendar info when migrating to G Suite.
* Drive — Team Drive. How do you share information among teams?
* Drive — Sharing. What happens when employees are terminated? Who owns their files? How to transfer them? Until how late after the user has been terminated can you share the data?
* Vault — retention rules, searching for data, auditing, reports, exporting.
* Vault — creating a matter and sharing it.
* Security — DLP, and what does it solve. What are some of the pre-built rules?
* Security — Methods to manage data exfiltration.
* Devices — How to push wifi connection info to devices?
* Security — Has there been a data leak? How could you figure it out? And if yes, what to do about it?
* Releases — How to stay updated on G Suite info? There is the Release Calendar and the G Suite Blogs. Which is useful for what kind of info? Cloud Connect Community also has forums that share some information.
* Users — what are onflicting accounts? https://support.google.com/a/answer/7062710
* Users — how to resolve conflicting accounts with the transfer tool? https://gsuiteupdates.googleblog.com/2017/02/resolve-conflicting-accounts-with-new.html
* Groups — what are the access settings for groups? Open to all? Restricted to a few?
* Drive/Security/Reports — get reports about files shared externally, internally, when permissions were changed, etc.
* Mail — troubleshoot mail headers. What is the direction of mail flow — bottom to top or top to bottom?
* Mail — in what circumstances are mail headers useful and when not? Sometimes examining mail headers give you no worthwhile info and sometimes they will.
* Mail — Configuring Inbound and Outbound Gateways. When do you use them as opposed to other routing settings?
* Mail — Gateways — where do you configure them?
* Mail — Gateways — in a mail header, how do you figure out which were the gateways?
* Mail — How many copies of a mail are there when you do dual, split delivery, message forwarding, recipient map, etc.
* Mail — Delegating access to somebody else’s email box.
* Roles — how do you create custom roles?
* Vault — Recovering deleted data from mail, drive, etc. Know how long data is retained when it is deleted. Where is it retained? What settings do you need for it to be retained?
* Mail — What is an SMTP envelope?
* Mail — Learn how to decode email headers at least to the extent of understanding mail delivery failure, which gateways’ SPF/DKIM/DMARC records are checked, etc.
* Device — enrolment permissions and controls. (https://support.google.com/chrome/a/answer/2657289#device_enroll_permission)
* Audits — differences between the various logs/audits — admin, saml, email, login.
* Security — dashboard — what information can you get from here?
* Reports — Aggregate reports — what info does it show you?
* Reports — Where to find the reports? Via gmail, via security center, via reports?
* Reports — Using BigQuery in combination with audit data and reports.
* What is a HAR file? What is it used for?
* Device — what approaches to updating Chromebook? Should you do it all together? Scatter it randomly?
* Device — what kind of devices can you administer remotely?
* Device — can you automatically give network connection information without sh
* Apps Script — no code, but know basics of how this works and what you can do with it. You don’t have to do programming in it, but know what it is capable of.
* AppsScript — Are there easier ways though than writing your own scripts? Know the tools that are available. A best practice is to use Google recommended/built tools than rolling your own.
* AppMaker — know what this is and where it might be used. But doing exercises on it isn’t necessary.
* Apps — what are the parts of a SAML configuration? What do you need to provide if you are a developer of the app and what if you are a user?
* Alerts — how can you set alerts to notify you on certain events?
* Hangouts — How do you setup and configure Hangouts hardware?
* Hangouts/Calendar — what are the ways you can configure hangouts via calendar?
* Hangouts/Calendar — can you give exclusive access to some users to certain resources?
* Mail — what are consumer gmail accounts? How do you integrate them into G Suite enterprise accounts?
* Mail — what happens to external accounts created using the same mail id on services like AdWords, Analytics, Twitter, etc.?
* Mail — what are conflict accounts? How do you resolve them? How do you use the transfer tool?