Atlassian Cloud Organization Admin Certification ACP-520 Exam Practice Test

Page: 1 / 14
Total 65 questions
Question 1

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 2

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 3

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 4

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 5

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 6

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 7

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 8

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 9

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 10

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 11

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 12

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 13

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 14

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 15

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 16

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 17

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 18

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 19

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 20

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 21

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 22

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 23

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 24

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 25

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 26

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 27

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 28

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 29

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 30

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 31

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 32

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 33

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 34

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 35

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 36

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 37

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 38

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 39

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 40

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 41

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 42

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 43

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 44

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 45

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 46

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 47

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 48

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 49

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 50

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 51

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 52

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 53

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 54

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 55

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 56

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 57

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 58

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 59

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 60

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 61

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 62

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 63

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 64

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 65

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 66

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 67

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 68

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 69

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 70

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 71

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 72

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 73

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 74

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 75

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 76

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 77

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 78

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 79

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 80

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 81

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 82

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 83

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 84

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 85

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 86

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 87

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 88

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 89

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 90

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 91

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 92

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 93

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 94

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 95

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 96

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 97

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 98

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 99

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 100

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 101

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 102

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 103

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 104

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 105

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 106

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 107

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 108

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 109

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 110

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 111

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 112

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 113

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 114

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 115

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 116

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 117

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 118

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 119

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 120

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 121

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 122

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 123

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 124

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 125

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 126

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 127

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 128

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 129

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 130

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 131

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 132

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 133

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 134

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 135

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 136

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 137

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 138

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 139

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 140

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 141

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 142

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 143

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 144

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 145

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 146

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 147

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 148

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 149

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 150

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 151

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 152

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 153

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 154

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 155

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 156

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 157

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 158

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 159

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 160

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 161

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 162

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 163

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 164

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 165

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 166

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 167

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 168

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 169

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 170

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 171

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 172

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 173

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 174

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 175

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 176

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 177

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 178

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 179

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 180

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 181

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 182

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 183

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 184

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 185

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 186

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 187

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 188

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 189

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 190

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 191

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 192

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 193

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 194

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 195

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 196

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 197

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 198

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 199

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 200

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 201

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 202

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 203

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 204

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 205

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 206

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 207

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 208

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 209

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 210

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 211

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 212

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 213

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 214

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 215

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 216

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 217

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 218

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 219

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 220

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 221

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 222

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 223

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 224

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 225

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 226

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 227

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 228

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 229

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 230

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 231

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 232

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 233

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 234

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 235

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 236

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 237

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 238

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 239

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 240

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 241

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 242

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 243

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 244

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 245

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 246

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 247

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 248

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 249

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 250

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 251

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 252

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 253

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 254

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 255

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 256

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 257

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 258

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 259

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 260

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 261

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 262

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 263

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 264

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 265

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 266

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 267

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 268

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 269

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 270

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 271

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 272

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 273

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 274

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 275

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 276

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 277

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 278

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 279

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 280

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 281

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 282

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 283

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 284

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 285

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 286

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 287

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 288

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 289

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 290

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 291

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 292

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 293

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 294

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 295

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 296

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 297

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 298

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 299

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 300

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 301

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 302

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 303

You received the access request shown below.



Answer : E

This is because the access request shown in the image is for Confluence and the reason stated is ''Needs to access Confluence''. Hence, Monica is granted the User role for Confluence, which allows her to view and edit pages and spaces in Confluence. She is not granted access to any other products or any Product Admin roles, which require higher permissions. She is also added to only one default group, which is the confluence-users group, unless the site admin has changed the default group for Confluence.

Reference= [Approve or deny product access requests], [Manage product access]


Question 304

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 305

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 306

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 307

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 308

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 309

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 310

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 311

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 312

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 313

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 314

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 315

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 316

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 317

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 318

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 319

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 320

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 321

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 322

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 323

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 324

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 325

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 326

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 327

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 328

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 329

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 330

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 331

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 332

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 333

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 334

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 335

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 336

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 337

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 338

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 339

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 340

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 341

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 342

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 343

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 344

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 345

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 346

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 347

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 348

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 349

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 350

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 351

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 352

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 353

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 354

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 355

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 356

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 357

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 358

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 359

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 360

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 361

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 362

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 363

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 364

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 365

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 366

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 367

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 368

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 369

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 370

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 371

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 372

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 373

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 374

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 375

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 376

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 377

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 378

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 379

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 380

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 381

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 382

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 383

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 384

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 385

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 386

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 387

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 388

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 389

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 390

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 391

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 392

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 393

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 394

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 395

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 396

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 397

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 398

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 399

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 400

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 401

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 402

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 403

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 404

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 405

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 406

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 407

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 408

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 409

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 410

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 411

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 412

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 413

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 414

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 415

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 416

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 417

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 418

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 419

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 420

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 421

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 422

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 423

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 424

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 425

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 426

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 427

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 428

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 429

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 430

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 431

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 432

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 433

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 434

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 435

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 436

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 437

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 438

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 439

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 440

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 441

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 442

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 443

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 444

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 445

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 446

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 447

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 448

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 449

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 450

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 451

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 452

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 453

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 454

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 455

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 456

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 457

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 458

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 459

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 460

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 461

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 462

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 463

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 464

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 465

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 466

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 467

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 468

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 469

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 470

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 471

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 472

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 473

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 474

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 475

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 476

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 477

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 478

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 479

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 480

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 481

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 482

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 483

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 484

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 485

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 486

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 487

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 488

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 489

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 490

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 491

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 492

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 493

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 494

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 495

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 496

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 497

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 498

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 499

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 500

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 501

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 502

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 503

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 504

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 505

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 506

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 507

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 508

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 509

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 510

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 511

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 512

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 513

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 514

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 515

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 516

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 517

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 518

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 519

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 520

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 521

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 522

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 523

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 524

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 525

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 526

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 527

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 528

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 529

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 530

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 531

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 532

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 533

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 534

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 535

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 536

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 537

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 538

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 539

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 540

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 541

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 542

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 543

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 544

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 545

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 546

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 547

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 548

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 549

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 550

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 551

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 552

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 553

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 554

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 555

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 556

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 557

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 558

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 559

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 560

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 561

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 562

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 563

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 564

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 565

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 566

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 567

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 568

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 569

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 570

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 571

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 572

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 573

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 574

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 575

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 576

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 577

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 578

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 579

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 580

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 581

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 582

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 583

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 584

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 585

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 586

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 587

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 588

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 589

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 590

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 591

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 592

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 593

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 594

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 595

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 596

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 597

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 598

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 599

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 600

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 601

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 602

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 603

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 604

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 605

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 606

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 607

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 608

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 609

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 610

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 611

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 612

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 613

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 614

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 615

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 616

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 617

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 618

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 619

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 620

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 621

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 622

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 623

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 624

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 625

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 626

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 627

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 628

Which statement is false about Cloud organizations?



Answer : A

Each site in an organization must have a unique name and URL. You cannot have two sites with the same name or URL in the same organization.

Reference Add a new product to your organizationUpdate a product URL to a new URL


Question 629

Your organization has multiple products. You need a count of billable users only for Jira Software, which is on a monthly subscription of the Standard plan on your

site "acme.atlassian.net".

Where can you find this information?



Answer : E

The Billing page shows you the number of billable users for each product on your site, as well as the user tier and the monthly cost. You can filter by product and site to see the specific details for Jira Software on ''acme.atlassian.net''.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage product subscriptions & billing''

Manage your bill for Standard and Premium plans, subsection ''View your bill''

Question 630

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 631

Your products appear as shown.

You have a sandbox for Confluence.

How many additional sandboxes does your organization have?



Answer : A

Currently, you can only create one sandbox for each linked product1. Since you have only two products (Jira Software and Confluence), and you already have a sandbox for Confluence, you cannot create any more sandboxes for your organization.


Question 632

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 633

A secure pathway needs to be configured between a self-managed Jira Software instance and several Atlassian Cloud products.

Identify one configuration step that must be done in a self-managed instance.



Answer : A

Adding an upstream port is one of the configuration steps that must be done in a self-managed instance to enable a secure pathway between a self-managed Jira Software instance and several Atlassian Cloud products. An upstream port is the port on your self-managed instance that receives traffic from the application tunnel. You need to configure the upstream port for each product that you want to connect to the tunnel.

Reference=Configure required connections and upstream portsandCreate an application tunnel to your self-managed instance


Question 634

IT had written a script to return a list of domains in your Cloud organization.

That script is no longer needed and you would like to ensure the script can no longer access that information.

What should you do?



Answer : C

If you want to ensure that the script can no longer access the information about the domains in your Cloud organization, you need to revoke the API key that was used to authenticate the script.An API key is a token that allows you to manage your organization via the admin APIs1.You can create, view, and revoke API keys from the organization settings2.Revoking an API key will invalidate it and prevent any further requests using that key2.

The other options are not relevant or effective for stopping the script from accessing the information. Removing DNS records or removing a verified domain will not affect the API key that was used by the script.It will only affect the verification status of your domain and the management of your users and accounts3. Regenerating a security key will not affect the API key that was used by the script.It will only affect the encryption of your data at rest4. Deleting an IP allowlist will not affect the API key that was used by the script.It will only affect the IP addresses that are allowed to access your organization and products5.


Manage an organization with the admin APIs

Create and revoke API keys

Verify a domain to manage accounts

Regenerate your security key

Set up an IP allowlist

Question 635

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 636

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Question 637

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 638

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 639

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 640

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 641

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 642

Your billing preview appears as shown.

In order to keep your license count in control, you just removed a user who had access to both products.

What will happen to your subscriptions immediately afterward?



Answer : A

Removing a user from an Atlassian Cloud Organization does not affect the subscription plan for the products. The subscription plan remains the same until you change it manually or it expires. The billing preview shows the estimated cost for the next billing cycle based on the current number of users and the subscription plan.If you remove a user, the billing preview will reflect the reduced cost, but the subscription plan will not change12

Reference=Manage product access,Manage your bill for Standard and Premium plans


Question 643

Your organization only has Jira Software and Jira Work Management.

Your directory lists the following users.

How many of these users are considered billable?



Answer : E

Users who have access to at least one product are considered billable. In this case, Clyde, Derek, Earl, Francis, and Anne are billable users. Bob is not billable because he has not accepted the invitation to join the organization.

Reference= [Manage users and user tiers] and [Control how users get access to products]


Question 644

Your organization has several products across several sites.

Ravi went to the People menu within one of the products and invited a teammate.

One or more access requests were generated.



Answer : E

When Ravi invites a teammate to join a product, an access request is generated for that product only. If the teammate needs access to another product on the same site, they can request it themselves or Ravi can invite them again. Therefore, if Ravi wants his teammate to have access to both Confluence and Jira Software, he needs to send two invitations, resulting in two access requests.

Reference Invite users to your siteApprove or deny product access requests


Question 645

You need strict control over the number of active licenses for Jira Software.

What can you do to gain stricter control?



Answer : A

By removing the default group from the Jira Software User product role, you can prevent new users from automatically getting access to Jira Software when they join your site. This way, you can control who gets access to Jira Software and how many licenses are consumed.

Reference Manage product accessProduct roles and permissions


Question 646

You went to the "site-admins" group page.

For the Confluence product on the ACME site, you unselected the User product role.

What does this mean?



Answer : E

By unselecting the User product role for Confluence, you are removing the site-admins group from the default groups that manage roles for that product1.This means that ACME site admins will lose their Confluence admin permissions, such as managing Confluence settings, space permissions, etc2. They will still be able to see Confluence users, but not edit their roles or access.


Question 647

You can perform various actions on a single managed account.

One action can only be performed for all managed accounts from a particular verified domain and not just for one single account.

Identify that action.



Answer : C

Converting a managed account to an unmanaged account requires changing the email address of the account to a domain that is not verified by the organization. This action can only be done for all accounts from a verified domain, not for individual accounts.

https://support.atlassian.com/user-management/docs/make-changes-to-a-managed-user-account/


Question 648

Previously, your company had two Cloud organizations as shown.

Just now, all products from Original were transferred to Destination. Afterward, Original was deleted.

How does Jira Software appear on the Overview page of the Destination organization?



Answer : C

After the products from Original were transferred to Destination, Jira Software will appear as a single product under the Destination URL. This is because the Original organization was deleted, so there is no longer a separate URL for it.


How to prepare for ACP-520: Atlassian Cloud Organization Admin Certification, section ''Manage multiple sites and products''

Transfer products to another organization, subsection ''What happens after you transfer products?''

Question 649

You deleted the group "jira-software-users-acme".

Identify a possible impact in the Jira Software product.



Answer : B

Deleting the group ''jira-software-users-acme'' means that all the users in that group lose their product access to Jira Software1.This means that they can no longer perform any actions that require the Jira Software User role, such as updating an agile board2. The other options are not directly affected by deleting the group, as they depend on other factors such as personal settings, Confluence permissions, service project roles, and API tokens.


Manage product access

Manage product roles

Question 650

Your company has a single Atlassian Cloud organization.

Atlassian Access discovered "shadow IT".

Which statement explains how this occurred?



Answer : A

Shadow IT refers to the product creation and usage administered outside of an organization's IT department, which can lead to unexpected costs, security and compliance concerns, and operational complexity1.Atlassian Access is a service that provides enhanced security and governance features for Atlassian Cloud products, such as SAML SSO, user provisioning, enforced two-step verification, and audit logs2.Atlassian Access also offers a feature called automatic product discovery, which helps admins discover and manage the shadow IT products created by their managed users1.

A managed user is a user whose account is on a domain that is verified by an organization3.A verified domain is a domain that an organization has proven ownership of by adding a DNS or HTTPS record4. For example, if an organization verifies the domain acme.com, then any user with an email address ending with @acme.com is a managed user of that organization.

A product is an instance of an Atlassian Cloud product, such as Jira Software, Confluence, Bitbucket, or Trello5.A product belongs to a site, which is a collection of products that share a URL and administration settings6.A site belongs to an organization, which is a way to group and manage multiple sites and products under one central admin console7.

A managed user can create a product in another Cloud organization by using their work email address to sign up for a new site or join an existing site that is not owned by their organization1. This creates a shadow IT product that is not visible or controlled by their organization's admins.Atlassian Access can discover these shadow IT products by scanning the domains of all Atlassian Cloud products and matching them with the domains of the organizations that have Atlassian Access enabled1. Atlassian will proactively send an email to the organization admins with the number of shadow IT products created by their managed users and what the exact shadow IT product is.Within admin.atlassian.com, organization admins can also view additional information, such as the owner of these products, how many users are in that product, and the date it was created1.

Therefore, the statement that explains how Atlassian Access discovered shadow IT is that one of your managed accounts created a product in another Cloud organization.


Automatic product discovery in Atlassian Access

Atlassian Access: Enhanced Cloud Data Security & Governance

What is a managed account?

Verify a domain to manage accounts

What is a product?

Understand Atlassian sites and organizations

What is an Atlassian organization?

Question 651

Martha needs to be able to use and update global templates and blueprints.

Which product access configuration is correct for Martha?



Answer : D

Martha needs to be able to use and update global templates and blueprints. The correct product access configuration for Martha is Confluence Administration with Product admin role. This role allows her to manage global templates and blueprints, as well as other site-wide settings for Confluence. She also needs the User role for Confluence to access and edit pages.

Reference=Manage product access,Administer global templates


Question 652

Your organization only has the following two products:

Which feature can you configure in your organization?



Answer : D

Organization insights is a feature that provides analytics and reports on your organization's users, products, and security. You can access it from the Insights tab in your organization settings.Organization insights is available for all Atlassian cloud products and plans1.


View organization insights

Question 653

Your Cloud organization has multiple products on multiple sites.

Currently, Edmund is a brand new user with no product access.

You selected Edmund from Directory > Users, clicked "Add products", and set the User product role from the Product roles dropdown for a single product on

a single site. For all other products, the Product roles dropdown was None.

Which is NOT a possible outcome for Edmund?



Answer : F

The only outcome that is not possible for Edmund is that he is granted org admin privileges. This is because org admin privileges are not related to product access or product roles, but to organization settings and management. To grant Edmund org admin privileges, you would need to go to Settings > Organization admins and add him there. The other outcomes are possible depending on the product access settings and the groups that Edmund belongs to.

Reference= [Give users access to products] and [Manage organization admins]


Question 654

Arun sees two filters that show issues from a particular Jira Software project.

Yesterday, he received two filter subscriptions based on those two filters.

This morning, he can still see all the issues on his agile board, but he only received one of the filter subscriptions.

Identify a possible cause.



Answer : C

If a group that was used to share a filter or a dashboard was deleted, the users who belonged to that group would no longer receive the filter subscriptions or see the dashboard .


[Manage shared filters and dashboards]

[Manage users, groups, permissions, and roles in Jira Cloud]

Question 655

You are an org admin. Your organization contains the two users shown below.

Which statement is true?



Answer : E

As an organization admin, you can delete both managed and unmanaged accounts. Managed accounts are those that belong to your organization and are verified by a domain or an allowlist. Unmanaged accounts are those that do not belong to your organization and are not verified by a domain or an allowlist. Deleting an account removes the user's access to all Atlassian products and services, and deletes their personal data.


Page:    1 / 14   
Total 65 questions