Free Google-Workspace-Administrator Actual Exam Questions - Question 3 Discussion
just received an alert for a suspicious login attempt. They are trying to determine how frequently
suspicious login attempts occur within the organization. The CISO has asked you to provide details for
each user account that has had a suspicious login attempt in the past year and the number of times it
occurred for each account.
What action should you take to meet these requirements?
Option A feels right since the login audit report specifically tracks suspicious login events, which matches the requirement better than general account activity reports.
It’s D because creating a custom BigQuery query lets you tailor the data exactly by user and time frame, which the standard reports might not break down as precisely for suspicious logins.
Actually, the login audit report (A) might be the best fit here. It’s specifically designed to track login events including suspicious ones, so exporting that could give a clear, comprehensive dataset. The account activity report (C) is broader and might not focus enough on suspicious login attempts. Plus, creating a dashboard (B) or running BigQuery queries (D) seems like extra steps that depend on existing infrastructure. If the goal is to quickly provide historical suspicious login counts per user, pulling from the login audit report should be straightforward and detailed enough.
I’m sticking with C here. The account activity report should have user-specific login info, including suspicious attempts, which matches what the CISO wants. BigQuery queries (D) might be great if you have it set up, but since that’s not confirmed, it feels like a risk. Plus, audit reports (A) might be too broad or not broken down by user. Custom dashboards (B) could work but might not give a full historical export easily. So, C looks like the safest bet to get detailed, user-level suspicious login counts over the past year.
C vs D again, but if BigQuery isn’t confirmed, C’s safer for user-level data.
Option C could be a solid choice here because account activity reports usually track login attempts tied directly to user accounts, which fits the requirement for breaking down suspicious logins per user. The audit report (option A) might be too broad or not focused on suspicious events specifically. Option D depends a lot on whether the organization has all this data in BigQuery already, which we don’t know for sure. So without extra setup, pulling from account activity seems like a more straightforward approach.
Looks like option A is a trap since "login audit report" might not detail suspicious attempts well. D seems right