Changed Google-Workspace-Administrator Exam Questions

Access the Admin Console: Sign in to your Google Admin console.

Navigate to DLP Settings: Click on "Security" and then "Data protection" to access Data Loss Prevention (DLP) settings.

Create New DLP Policy: Click on "Create policy" and configure the policy specifically for shared drive data.

Define Rules: Set up the necessary rules and conditions to match the existing DLP policy for the finance organizational unit.

Apply to Shared Drive: Apply this new policy to the shared drive used by the finance department.

Save and Activate: Save the policy and ensure it is active and enforced for the shared drive.

References:

Google Workspace Admin Help: Set up and manage DLP

Access Admin Console: Log into your Google Workspace Admin Console.

Navigate to Audit Logs: Go to Reports > Audit > Access Transparency Logs.

View Logs: In the Access Transparency Logs, you can see the actions performed by Google staff on your data.

Monitor Actions: Review the logs to understand the actions taken by Google support staff in relation to your support cases.

References

Google Support: Access Transparency

Understanding the Requirement:

The scenario involves a group of users who handle sensitive information and have valuable files in their accounts.

The goal is to protect these users from targeted online attacks.

Options Analysis:

Option A: Enable 2-Step Verification for those users and recommend they use Google Authenticator

2-Step Verification (2SV) enhances security by adding an extra layer of authentication. Google Authenticator is a reliable method, but it may not be sufficient against highly targeted attacks.

Option B: Enable 2-Step Verification for those users and recommend they use SMS codes

While SMS codes are a form of 2SV, they are considered less secure than other methods due to potential vulnerabilities like SIM swapping.

Option C: Disable password recovery for end users

Disabling password recovery can prevent unauthorized access through recovery options but does not provide active protection against targeted attacks.

Option D: Enroll all accounts for those users in the Advanced Protection Program

The Advanced Protection Program (APP) is designed specifically to protect users at high risk of targeted attacks. It includes strong measures such as requiring a physical security key for login, blocking unauthorized access attempts, and restricting access to sensitive data.

Recommended Solution:

Enrolling users in the Advanced Protection Program (APP):

Step 1: Identify High-Risk Users:

Identify users who handle sensitive information and have valuable files.

Step 2: Enroll in APP:

Go to the Google Admin console.

Navigate to the Security section and find the Advanced Protection Program.

Enroll the identified high-risk users in APP.

Step 3: Implement Security Keys:

Ensure users have security keys (e.g., Titan Security Keys) for login.

Guide users through the process of setting up and using security keys.

Step 4: User Education:

Educate users on the importance of APP and how it protects their accounts.

Provide training on recognizing phishing attempts and other security best practices.

Benefits of APP:

Enhanced Security:

APP provides the highest level of security for Google accounts, requiring security keys for authentication.

Protection Against Phishing:

Security keys are highly resistant to phishing attacks, which are common in targeted online attacks.

Limited Access:

APP restricts access to sensitive data, ensuring that only trusted apps and services can interact with the protected accounts.

References:

Google Workspace Admin Help: Advanced Protection Program

Google Workspace Security: Advanced Protection Program

Google Security Blog: Advanced Protection Program

Admin Console: Log into the Google Admin console at admin.google.com.

Security Settings: Navigate to Security > Investigation Tool.

Create an Alert:

Click on "Create activity rule".

In the conditions section, select “Event is” and choose “Login”.

Set the condition to “Suspicious login”.

Alert Details: Configure the alert details, such as who will receive the alert and any additional notification settings.

Save and Activate: Save the rule and activate it to start monitoring for suspicious login attempts.

References

Google Workspace Admin: Manage Alerts

Google Workspace Security: Investigation Tool