Professional Google Workspace Administrator Exam QuestionsBrowse all questions from this exam
Go to Exam

Professional Google Workspace Administrator Exam - Question 34

Your organization recently deployed Google Workspace. Your admin team has been very focused on configuring the core services for your environment, which has left you little time to pay attention to other areas. Your security team has just informed you that many users are leveraging unauthorized add-ons, and they are concerned about data exfiltration. The admin team wants you to cut off all add-ons access to Workspace data immediately and block all future add-ons until further notice. However, they approve of users leveraging their Workspace accounts to sign into third-party sites. What should you do?

Show Answer
Correct Answer: BC

To cut off all add-ons access to Workspace data immediately and block all future add-ons, while still allowing users to leverage their Workspace accounts to sign into third-party sites, you should set all API services to 'restricted access' and ensure that all connected apps have limited access. This approach allows you to control the access and permissions granted to third-party apps and add-ons, reducing the risk of data exfiltration while maintaining the ability for users to sign into authorized third-party sites.

Discussion

16 comments
Sign in to comment
karl19Option: B
Jun 14, 2023

B. Set all API services to "restricted access" and ensure that all connected apps have limited access. By setting API services to "restricted access," you can control the access and permissions granted to third-party apps and add-ons. This allows you to review and manage the level of access each app has to Workspace data. Additionally, ensuring that all connected apps have limited access helps minimize the risk of data exfiltration or unauthorized data access. This approach allows users to continue leveraging their Workspace accounts to sign into third-party sites while maintaining control over the add-ons and their access to Workspace data.

pid
Mar 14, 2023

Not an answer to this question but there is a new option in settings of Gsuite which will easily satisfy this need - Allow users to access third-party apps that only ask for Google sign-in info

jitu028Option: C
Dec 1, 2022

Correct answer - C https://support.google.com/a/answer/162106?hl=en#zippy=%2Cview-edit-or-delete-clients-and-scopes:~:text=View%2C%20edit%2C%20or,immediately%20stop%20working.

juuhcsr1Option: B
Aug 2, 2023

Option C would remove all client IDs and scopes from the list of domain-wide delegation API clients, which would prevent all connected apps from accessing Workspace data. However, this would also prevent users from signing into third-party sites with their Workspace accounts.

Jane1234YIPOption: B
Aug 2, 2023

B is correct By setting all API services to "restricted access," you can effectively limit the access that connected apps have to your Google Workspace data. This helps address the security concerns raised by your security team regarding unauthorized add-ons and potential data exfiltration. You can review and configure the permissions granted to each connected app to ensure they have limited access only to the necessary data and functionality.

Cert1Magic2Option: C
Oct 28, 2023

Question says "The admin team wants you to cut off all add-ons access to Workspace data immediately and block all future add-ons until further notice" then why not C, why we will put in restricted access rather than totally cutting it off.

AsakuraYohOption: B
Dec 17, 2022

Anyone do you think base on the question the answer is Letter B?

jaxclainOption: C
Dec 22, 2022

I would say C because the option B is not clear, there is an option to block all third party APIs in the Admin Console > APIs section but is not listed here and API services to "restricted access" is not clear because it says that all connected apps have limited access.. In case you need documentation, juti028 already left the link: https://support.google.com/a/answer/162106?hl=en&fl=1#zippy=%2Cview-edit-or-delete-clients-and-scopes

MC2442Option: B
Dec 22, 2022

This must be B; the limited element ensures the Google Sign-in can still be used and the restriction prevents the add-ons to use company data.

mutetoOption: C
Dec 27, 2022

I think the keyword here is "immediately", but want to hear your comments as well?

jdoshOption: B
Jun 19, 2023

B is the answer because if you don't set the API to restricted then the users will just use new and other add-ons after you do letter c

[Removed]Option: D
Jul 19, 2023

D is the answer

amministrazioneOption: B
Sep 29, 2023

B. Set all API services to “restricted access” and ensure that all connected apps have limited access.

GomesallefOption: B
Oct 5, 2023

B está correto. Ao definir todos os serviços de API como "acesso restrito", você pode limitar efetivamente o acesso que os aplicativos conectados têm aos dados do Google Workspace. Isso ajuda a resolver as preocupações de segurança levantadas pela sua equipe de segurança em relação a complementos não autorizados e possível exfiltração de dados. Você pode revisar e configurar as permissões concedidas a cada aplicativo conectado para garantir que eles tenham acesso limitado apenas aos dados e funcionalidades necessários.

virat_kohliOption: B
Nov 13, 2023

B. Set all API services to “restricted access” and ensure that all connected apps have limited access.

05fe736Option: C
Jul 2, 2024

"Cut off and block all future add-ons" is different to "restricted / limited access".