G Professional Collaboration Engineer Practice Exam

How should you grant access for an internal, domain-owned G Suite app to utilize Google Drive APIs?

• A. Enable all API access for Google Drive.
• B. Enable "trust domain owned apps" setting.
• C. Add OAuth Client ID to Google Drive Trusted List.
• D. Whitelist the app in the G Suite Marketplace.

The correct answer is: Add OAuth Client ID to Google Drive Trusted List.

To grant access for an internal, domain-owned G Suite app to utilize Google Drive APIs, it is essential to add the OAuth Client ID to the Google Drive Trusted List. This process allows domain administrators to control and specify which applications can access Google Drive data on behalf of users within their organization. By adding the OAuth Client ID to the Trusted List, the app is given the necessary permissions to operate without requiring additional user consent each time it accesses Drive resources. This is critical for internal applications where automated access is frequent, ensuring that interactions between the app and Google Drive services are both secured and streamlined. Utilizing this approach aligns with Google’s security best practices, as it helps maintain the integrity and confidentiality of user data by strictly regulating its access points. Additionally, while enabling all API access for Google Drive or trusting domain-owned apps may sound beneficial, they could impose broader permissions than necessary, which can expose the organization to risks. Whitelisting apps in the G Suite Marketplace is irrelevant in this context, as it pertains to third-party apps rather than internal domain-owned applications. Thus, adding the OAuth Client ID to the Trusted List is the most precise and secure method for enabling the internal app’s functionality with Google Drive APIs.