Exam Professional Google Workspace Administrator topic 1 question 34 discussion

"Cut off and block all future add-ons" is different to "restricted / limited access".

B. Set all API services to “restricted access” and ensure that all connected apps have limited access.

Question says "The admin team wants you to cut off all add-ons access to Workspace data immediately and block all future add-ons until further notice" then why not C, why we will put in restricted access rather than totally cutting it off.

B está correto. Ao definir todos os serviços de API como "acesso restrito", você pode limitar efetivamente o acesso que os aplicativos conectados têm aos dados do Google Workspace. Isso ajuda a resolver as preocupações de segurança levantadas pela sua equipe de segurança em relação a complementos não autorizados e possível exfiltração de dados. Você pode revisar e configurar as permissões concedidas a cada aplicativo conectado para garantir que eles tenham acesso limitado apenas aos dados e funcionalidades necessários.

B. Set all API services to “restricted access” and ensure that all connected apps have limited access.

B is correct By setting all API services to "restricted access," you can effectively limit the access that connected apps have to your Google Workspace data. This helps address the security concerns raised by your security team regarding unauthorized add-ons and potential data exfiltration. You can review and configure the permissions granted to each connected app to ensure they have limited access only to the necessary data and functionality.

Option C would remove all client IDs and scopes from the list of domain-wide delegation API clients, which would prevent all connected apps from accessing Workspace data. However, this would also prevent users from signing into third-party sites with their Workspace accounts.

D is the answer

B is the answer because if you don't set the API to restricted then the users will just use new and other add-ons after you do letter c

B. Set all API services to "restricted access" and ensure that all connected apps have limited access. By setting API services to "restricted access," you can control the access and permissions granted to third-party apps and add-ons. This allows you to review and manage the level of access each app has to Workspace data. Additionally, ensuring that all connected apps have limited access helps minimize the risk of data exfiltration or unauthorized data access. This approach allows users to continue leveraging their Workspace accounts to sign into third-party sites while maintaining control over the add-ons and their access to Workspace data.

Not an answer to this question but there is a new option in settings of Gsuite which will easily satisfy this need - Allow users to access third-party apps that only ask for Google sign-in info

I think the keyword here is "immediately", but want to hear your comments as well?

This must be B; the limited element ensures the Google Sign-in can still be used and the restriction prevents the add-ons to use company data.

I would say C because the option B is not clear, there is an option to block all third party APIs in the Admin Console > APIs section but is not listed here and API services to "restricted access" is not clear because it says that all connected apps have limited access.. In case you need documentation, juti028 already left the link: https://support.google.com/a/answer/162106?hl=en&fl=1#zippy=%2Cview-edit-or-delete-clients-and-scopes

Anyone do you think base on the question the answer is Letter B?

Correct answer - C https://support.google.com/a/answer/162106?hl=en#zippy=%2Cview-edit-or-delete-clients-and-scopes:~:text=View%2C%20edit%2C%20or,immediately%20stop%20working.