Google Workspace Professional Administrator — Question 8

Your organization's information security team has asked you to determine and remediate if a user ([email protected]) has shared any sensitive documents outside of your organization. How would you audit access to documents that the user shared inappropriately?

Answer options

• A. Open Security Investigation Tool-> Drive Log Events. Add two conditions: Visibility Is External, and Actor Is[email protected].
• B. Have the super administrator use the Security API to audit Drive access.
• C. As a super administrator, change the access on externally shared Drive files manually under[email protected].
• D. Open Security Dashboard-> File Exposure Report-> Export to Sheet, and filter for[email protected].

Correct answer: A

Explanation

Option A is correct because it specifically targets the logs for external visibility and the actions of the provided user, making it an effective way to audit inappropriate sharing. Option B is less direct as it involves the Security API, which may not provide immediate visibility into the specific issue. Option C does not audit past actions but rather attempts to change access, and option D involves reporting that could be cumbersome and less precise for this situation.