三叉戟

A record of a domain expert's growth

resources:courses:gws_c3

Differences

This shows the differences between the revision you selected and the current version.

resources:courses:gws_c3 [2025/01/23 17:35] jackiez | resources:courses:gws_c3 [2025/01/23 18:06] (current version) jackiez
行 182: 行 182:
   - From Security > API Permissions, ensure Trust domain owned apps is disabled. From Security > API Permissions > MANAGE GOOGLE SERVICES, restrict access to the Gmail and Drive services.   - From Security > API Permissions, ensure Trust domain owned apps is disabled. From Security > API Permissions > MANAGE GOOGLE SERVICES, restrict access to the Gmail and Drive services.
   - Disable Gmail and Drive API access from the top level organization settings   - Disable Gmail and Drive API access from the top level organization settings
 +
 +## 练习1
 +Security>Alert Center
 +{{:resources:courses:pasted:20250123-173726.png}}
 +发现有一个高危警报,User suspended
 +{{:resources:courses:pasted:20250123-174042.png}}
 +{{:resources:courses:pasted:20250123-174111.png}}
 +找到TLS Failure
 +{{:resources:courses:pasted:20250123-174329.png}}
 +{{:resources:courses:pasted:20250123-174354.png}}
 +{{:resources:courses:pasted:20250123-175356.png}}
 +系统预设的Rule只能设置Email通知(被触发时)
 +## 练习2
 +Reporting>User reports>Accounts,使用密码强度来筛选,查看结果
 +## Security Center
 +  - Security best practice
 +  - Analytics
 +  - Actionable insights
 +
 +还可以查看各类设置的状态,比如
 +  - Automatic email forwarding
 +  - Device encryption
 +  - Drive sharing settings
 +
 +查看各类报警,比如
 +  - External file share activity
 +  - Authenticated messages
 +  - Suspicious device activities
 +  - Failed password attempts
 +
 +Dashboard里则有各种图表,另外,还可以查看Log
 +  - Access device-log data
 +  - Access data about Gmail messages
 +  - Access Gmail log data
 +  - Access Drive log data
 +举例来说,我们可以通过Query来确认,是否有如下行为
 +  - Delete specific messages
 +  - Mark messages as spam or phishing
 +  - Send message to quarantine
 +  - Send message to users' inboxes
 +
 +<note>这些与MS家的EDR中的Query有些类似,要学会写Query语句</note>
 +## 测试4
 +<q>Which of the following statements is NOT TRUE about the alert center?</q>
 +  - **The alert center consolidates all admin created email alerts into one place**
 +  - The alert center enables you to view alerts and alert details directly in the admin console
 +  - The alert center includes additional in-depth details that enable you to take action to resolve numerous issues that might affect your organization
 +
 +<q>When examining messages in the security investigation tool what actions can you apply to a message? (Choose 3)</q>
 +  - **Delete message**
 +  - **Mark message as spam**
 +  - Forward tot self
 +  - **View header**
 +
 +<q>You have been asked by your CEO to provide a list of users who have not yet enrolled into 2-step Verification. Where can you find that information?</q>
 +  - Access Transparency Audit log
 +  - Users Security log
 +  - The Admin Audit log
 +  - **Users Account Activity Report**
 +
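Review bot: The sentence that introduces the last list under Security Center (the added line just before "Delete specific messages") presents the four items as behaviours to be confirmed with a query, while the quiz added further down ("When examining messages in the security investigation tool what actions can you apply to a message?") treats "Delete message" and "Mark message as spam" as actions applied to a message. Reword that lead-in so the list reads as the actions available on query results, otherwise the notes and the answer key disagree. In the same quiz, "Forward tot self" should read "Forward to self". In 练习1 (Exercise 1) the steps from "User suspended" to "TLS Failure" are carried only by screenshots, so one line of text per screenshot naming the menu or filter used would keep the exercise reproducible if the images are lost.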
resources/courses/gws_c3.1737621334.txt.gz · Last modified: 2025/01/23 17:35 by jackiez