Exam Associate Google Workspace Administrator topic 1 question 7 discussion

" You do not want to be overly restrictive." - A is too restrictive since it impacts the entire domain from sharing externally. C is the most correct answer.

It's Option A. Option C is more complex to setup and maintain. They require careful planning and ongoing management. Furthermore, DLP might not cover all aspects o finternal domain sharing, whereas the drive sharing options to internal ensure that all data regardless of content is restricted to your organizations domain.

These options are not ideal. Creating an organizational unit (OU) for the temporary employees and applying custom sharing settings would be the best approach. However, for the sake of this excersise, since it specifies not to be overly restrictive, configuring the Drive sharing settings for the entire domain to internal only would not be ideal. Therefore, creating a DLP rule to track and target specific sensitive content would be the most appropriate solution in this case.

By configuring the Drive sharing options for your domain to "internal only," you ensure that sensitive project data is restricted to your organization's internal users. This prevents any external sharing while allowing your team members to collaborate freely within the organization. It strikes the right balance between maintaining security and avoiding unnecessary restrictions on collaboration.

Opción C (Regla DLP): Cumple ambos requisitos. Se enfoca solo en los archivos identificados como "sensitive internal project". Aplica la acción (bloquear compartición externa) solo a esos archivos específicos. No interfiere con la capacidad de los usuarios de compartir otros archivos externamente si la política general lo permite.

DLP rules allow to restrict access to specific sensitive project data, helping prevent confidential data from leaking while avoiding unnecessary restrictions.

Don't love these choices. A should be applied to an OU that only has the temporary employees in it. OR the words of A should be to a Shared Drive for the project, not to the whole "domain"