差别

这里会显示出您选择的修订版和当前版本之间的差别。

--- resources:courses:gws_c3 [2025/01/23 17:25] – jackiez
+++ resources:courses:gws_c3 [2025/01/23 18:06] (当前版本) – jackiez
@@ 行 158: / 行 158: @@
 再打开Market，任意安装一个APP，会跳出提示
 {{:resources:courses:pasted:20250123-172502.png}}
+## 测试3
+<q>What happens to already installed applications if you block API access from the Security > API Permissions section?</q>
+  - Already installed applications that use the blocked API will continue to work until the application needs a new OAuth token
+  - **Already installed applications will stop working and OAuth tokens will be revoked**
+  - Already installed applications that use the blocked API will continue to work indefinitely
+  - Already installed applications that use the blocked API will continue to work until the user next signs in to Google Workspace
+<q>What is the expected behavior when a user tries to install a Marketplace app that has not been allowed?</q>
+  - **Users can not attempt to install an application that is not on the allowlist because they only see allowed apps in the Marketplace**
+  - When the user attempts to install the app they will see a message advising that the app cannot be installed because it has not been allowed
+  - Users can install an app that is not in the allowlist but they cannot grant it access to their data so it will not work
+  - The app will appear to install, but it will not function correctly.
+<q>You have been asked to create a allowlist of Marketplace apps to restrict which apps a user can install onto their devices. What must you do first?</q>
+  - **Change the Marketplace settings to allow users to install only allowed applications from Google Workspace Marketplace**
+  - Complete a Domain install for each application that you want to allow
+  - Get your users to Install the Marketplace allowlist app onto each device
+  - Add the names of all the trusted applications to each user's device policy
+<q>Your organization wants to prevent any external application from accessing Gmail and Drive data. How would you ensure such access is prevented?</q>
+  - Disable API access from the Gmail and Drive service settings
+  - **From Security > Access and Data Control > API Controls, ensure Trust domain owned apps is enabled. From Security > Access and Data Control > API Controls > MANAGE GOOGLE SERVICES, restrict access to the Gmail and Drive services.**
+  - From Security > API Permissions, ensure Trust domain owned apps is disabled. From Security > API Permissions > MANAGE GOOGLE SERVICES, restrict access to the Gmail and Drive services.
+  - Disable Gmail and Drive API access from the top level organization settings
+## 练习1
+Security>Alert Center
+{{:resources:courses:pasted:20250123-173726.png}}
+发现有一个高危警报，User suspended
+{{:resources:courses:pasted:20250123-174042.png}}
+{{:resources:courses:pasted:20250123-174111.png}}
+找到TLS Failure
+{{:resources:courses:pasted:20250123-174329.png}}
+{{:resources:courses:pasted:20250123-174354.png}}
+{{:resources:courses:pasted:20250123-175356.png}}
+系统预设的Rule只能设置Email通知（被触发时）
+## 练习2
+Reporting>User reports>Accounts,使用密码强度来筛选，查看结果
+## Security Center
+  - Security best practice
+  - Analytics
+  - Actionable insights
+还可以查看各类设置的状态，比如
+  - Automatic email forwarding
+  - Device encryption
+  - Drive sharing settings
+查看各类报警，比如
+  - External file share activity
+  - Authenticated messages
+  - Suspicious device activities
+  - Failed password attempts
+Dashboard里则有各种图表，另外，还可以查看Log
+  - Access device-log data
+  - Access data about Gmail messages
+  - Access Gmail log data
+  - Access Drive log data
+举例来说，我们可以通过Query来确认，是否有如下行为
+  - Delete specific messages
+  - Mark messages as spam or phishing
+  - Send message to quarantine
+  - Send message to users' inboxes
+<note>这些与MS家的EDR中的Query有些类似，要学会写Query语句</note>
+## 测试4
+<q>Which of the following statements is NOT TRUE about the alert center?</q>
+  - **The alert center consolidates all admin created email alerts into one place**
+  - The alert center enables you to view alerts and alert details directly in the admin console
+  - The alert center includes additional in-depth details that enable you to take action to resolve numerous issues that might affect your organization
+<q>When examining messages in the security investigation tool what actions can you apply to a message? (Choose 3)</q>
+  - **Delete message**
+  - **Mark message as spam**
+  - Forward tot self
+  - **View header**
+<q>You have been asked by your CEO to provide a list of users who have not yet enrolled into 2-step Verification. Where can you find that information?</q>
+  - Access Transparency Audit log
+  - Users Security log
+  - The Admin Audit log
+  - **Users Account Activity Report**