Free Google-Workspace-Administrator Actual Exam Questions - Question 11 Discussion
Google Workspace login logs, you have determined that in several cases, the stolen credentials have
been used in countries other than the ones your organization works in. What else can you do to
increase your organization's defense-in-depth strategy?
Maybe A. Blocking known malicious IPs can immediately stop suspicious login attempts, which is quicker to implement compared to changing passwords or device management setups.
A/C? Blocking malicious IPs is a quick way to cut off known bad actors without waiting for users to change passwords, which might not stop current breaches fast enough. Higher complexity helps but won’t stop stolen creds alone.
D imo, adds device-level control which can catch misuse even if creds are stolen.
Good point about blocking IPs being a quick fix but limited. I think B is stronger because it sets a broader policy preventing access from unauthorized regions altogether. Definitely a better long-term move than just IP blocks. B
Makes sense to focus on location-based controls here. Option B stands out to me because it blocks access from any geo locations outside where the company operates, which directly targets the problem of stolen credentials being used abroad. A and D can help but are more reactive or device-specific, so less comprehensive for this case. C just improves passwords but won’t stop stolen creds from being abused if they’re still valid. So B is the best proactive step to prevent unauthorized logins from unexpected countries.
Maybe D adds an extra layer by managing device access, complementing location restrictions.
A/B? Blocking IPs (A) can help immediately but might miss new attacker IPs, while Context-Aware Access (B) stops access from whole regions outside your business area, making it more proactive for this scenario.
B/D? B seems solid because it restricts access by location, directly stopping logins from unexpected countries. But D also adds value by tying access to managed devices and their locations, which helps if attackers try from unapproved devices even inside allowed geos. A feels a bit reactive since malicious IPs can change fast, and C doesn't really address the bigger issue of where the logins are coming from. So, combining geo-based access with device management sounds like a stronger defense overall.
Maybe A is worth considering since blocking known malicious IPs can immediately cut off some of the unauthorized access attempts, adding a quick layer of defense beyond just location restrictions.
Makes sense to go with B here. Blocking access based on geo location directly targets the issue of stolen credentials being used from foreign countries, which seems like the core problem. A’s IP block is reactive and might miss new malicious IPs, while C won’t stop someone who already has valid credentials. D’s geo-fencing is good but more focused on mobile devices, so it might not cover all access points. So B gives a broader, proactive guard against suspicious logins from unexpected locations.
Maybe D could work well here since mobile device management geo-fencing adds a physical layer to access control. Even if credentials get stolen, restricting access to certain devices or locations could stop unauthorized logins. It’s more about controlling where and how users can connect, which complements other methods like blocking IPs or enforcing stronger passwords. Plus, it doesn’t rely solely on identifying bad IPs, which might change often.
A could help by blocking known bad IPs, adding another layer of defense.
Option B makes sense here-blocking access based on location could stop logins from unexpected countries.