You are configuring Gmail for your company and want to implement a layered security approach. You decide to implement industry-standard email authentication protocols. What should you do? Choose 2 answers
Correct Answer: C,E
To implement industry-standard email authentication protocols as part of a layered security approach for Gmail, you should configure DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) records for your domain. These protocols are crucial for verifying the sender's identity and ensuring the integrity of email messages. Here's a breakdown of why options C and E are correct and why the others are not primarily email authentication protocols or best practices in this context: C . Configure DKIM to digitally sign outbound emails and verify their origin. DKIM adds a digital signature to the headers of outbound emails. This signature is verified by receiving mail servers using a public key published in your domain's DNS records. DKIM helps to confirm that the email was indeed sent from your domain and that its content has not been altered in transit. It is a key email authentication protocol that enhances deliverability and protects against email spoofing. Associate Google Workspace Administrator topics guides or documents reference: The official Google Workspace Admin Help documentation on "Help prevent email spoofing with DKIM" (or similar titles) explains how to set up DKIM for your domain. It details the process of generating a DKIM key, adding the public key as a TXT record in your DNS, and enabling DKIM signing in the Google Admin console. The documentation emphasizes DKIM's role in authenticating outbound mail and improving email security. E . Set up SPF records to specify authorized mail servers for your domain. SPF is a DNS-based email authentication protocol that allows you to specify which mail servers are authorized to send emails on behalf of your domain. Receiving mail servers check the SPF record in the sender's domain's DNS to verify if the sending server's IP address is listed as authorized. This helps to prevent spammers from forging the "From" address of your domain. Associate Google Workspace Administrator topics guides or documents reference: The Google Workspace Admin Help documentation on "Help prevent spoofing with SPF" (or similar titles) guides administrators on creating and publishing SPF records in their domain's DNS. It explains the syntax of SPF records and how they help receiving servers validate the sender's origin, thus reducing spoofing and improving deliverability. Now, let's look at why the other options are not the primary choices for implementing industry-standard email authentication protocols: A . Enable a default email quarantine for all users to isolate suspicious emails and determine if the messages haven't been authenticated. Email quarantine is a security feature that holds potentially harmful or suspicious emails for review. While it can help manage unauthenticated emails, it is a response to potential authentication failures or suspicious content, not an authentication protocol itself. Quarantine helps in handling emails that fail authentication checks (like SPF or DKIM) or are flagged by other security measures. Associate Google Workspace Administrator topics guides or documents reference: Documentation on Gmail quarantine settings explains how to configure them to manage suspicious emails, including those that may not be properly authenticated. It's a post-authentication handling mechanism. B . Configure a blocked senders rule to block all emails from unknown senders. Blocking all emails from "unknown senders" is an overly aggressive and impractical approach for most organizations, as you will likely receive legitimate emails from new contacts or domains. While you can create blocklists, it's not a standard email authentication protocol and can lead to significant disruption of email flow. Associate Google Workspace Administrator topics guides or documents reference: Gmail's blocking features allow users and administrators to block specific addresses or domains, but blocking all unknown senders is not a recommended security practice. D . Disable IMAP for your organization to prevent external clients from accessing Gmail. Disabling IMAP can enhance security by limiting how users access their email, potentially reducing the risk of compromised third-party applications. However, it is not an email authentication protocol that verifies the sender of an email. It controls access to the mailbox, not the authentication of emails received or sent. Associate Google Workspace Administrator topics guides or documents reference: Documentation on managing IMAP and POP access explains how to enable or disable these protocols for users, focusing on access methods rather than email sender authentication. Therefore, the two correct answers for implementing industry-standard email authentication protocols are configuring DKIM to sign outbound emails and setting up SPF records to specify authorized sending servers.
Question 2
Your company is using Google Workspace Enterprise Standard. They have 200 meeting rooms defined for the main building and used daily by the 12,000 employees. Users are complaining they have difficulties finding a room available when searching within Google Calendar, even if several rooms are available (no one attending meetings in these rooms at that time). You have been asked to find a solution while minimizing the operational effort and avoiding any new expenses due to budget constraints. What should you do?
Correct Answer: C
Question 3
As the Workspace Administrator, you have been asked to enable the help desk team to share incoming support requests from end users The help desk team has ten users who need to respond to support requests that are sent to a help desk email address. The users must be able to respond by email and assign ownership of tickets. Finally, the help desk team is highly mobile and will need to manage help desk tickets from their mobile devices. How would you provide this functionality for the help desk team?
Correct Answer: A
To enable the help desk team to manage incoming support requests, the most efficient solution is to configure a Google Group as a collaborative inbox. This setup allows the team to respond to emails, assign ownership of tickets, and collaborate effectively. Collaborative inboxes are designed for such use cases and provide the necessary functionality, including mobile access, without requiring additional third-party tools. References: * Google Workspace Admin Help - Set up a collaborative inbox
Question 4
Your company's Chief Information Security Officer has made a new policy where third-party apps should not have OAuth permissions to Google Drive. You need to reconfigure current settings to adhere to this policy. What should you do?
Correct Answer: B
Question 5
Your company's security team should be able to investigate unauthorized external file sharing. You need to ensure that the security team can use the security investigation tool and you must follow the principle of least privilege. What should you do?
Correct Answer: D
By creating a custom admin role with security center privileges, you can ensure that the security team has the necessary access to investigate unauthorized external file sharing while adhering to the principle of least privilege. This approach provides the security team with the specific permissions they need without granting unnecessary broader privileges, such as those associated with the super admin role.
