What should your team do to meet these requirements?

Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.

What should your team do to meet these requirements?
A. Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.
B. Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.
C. Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.
D. Use the Admin SDK to create groups and assign IAM permissions from Active Directory.

Answer: A

Explanation:

"In order to be able to keep using the existing identity management system, identities need to be synchronized between AD and GCP IAM. To do so, Google provides a tool called Cloud Directory Sync. This tool will read all identities in AD and replicate those within GCP. Once the identities have been replicated, then it’s possible to apply IAM permissions on the groups. After that you will configure SAML so Google can act as a service provider and either your ADFS or other third-party tools like Ping or Okta will act as the identity provider. This way you effectively delegate the authentication from Google to something that is under your control."
