Google Workspace Associate Administrator — Question 50

Your security team is concerned about disgruntled employees downloading large amounts of intellectual property. You need to create an automatic notification if any user downloads more than 500 files from Google Drive within a one-hour period. What should you do?

Answer options

• A. Configure a Data Loss Prevention (DLP) rule for Drive.
• B. Use the alert center to review Drive audit logs for instances where users download a large number of files.
• C. Create an activity rule in the security investigation tool to monitor Drive download events. Set a threshold to trigger an alert.
• D. Set up an alert within Google Cloud Monitoring to track the number of Drive API calls and trigger a notification when a user makes an excessive number of download requests.

Correct answer: C

Explanation

The correct answer is C because creating an activity rule in the security investigation tool allows you to set specific thresholds for download events, which directly meets the requirement of monitoring downloads. Option A focuses on preventing data loss rather than monitoring, while B only reviews past logs without automation, and D tracks API calls rather than direct downloads, making them unsuitable for this scenario.