Topic 1 Question 220
During a recent audit of your existing Google Cloud resources, you discovered several users with email addresses outside of your Google Workspace domain. You want to ensure that your resources are only shared with users whose email addresses match your domain. You need to remove any mismatched users, and you want to avoid having to audit your resources to identify mismatched users. What should you do?
A. Create a Cloud Scheduler task to regularly scan your projects and delete mismatched users.
B. Create a Cloud Scheduler task to regularly scan your resources and delete mismatched users.
C. Set an organizational policy constraint to limit identities by domain to automatically remove mismatched users.
D. Set an organizational policy constraint to limit identities by domain, and then retroactively remove the existing mismatched users.
Comments (6)
- Selected answer: D
It's D. "The domain restriction constraint is not retroactive. Once a domain restriction is set, this limitation will apply to IAM policy changes made from that point forward, and not to any previous changes." Link: https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains
👍 3 joao_01 2023/09/13
- Selected answer: D
https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints - Domain restricted sharing
If this constraint is active, only principals that belong to the allowed customer IDs can be added to IAM policies. It doesn't specifically say, but I think it doesn't get rid of existing principals.
👍 2 juliorevk 2023/08/04
- Selected answer: D
In order to define an organization policy, you choose a constraint, which is a particular type of restriction.
👍 23arle 2023/08/06
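Because the constraint only blocks future IAM changes, the members already present have to be removed separately. The sketch below is an added example, not part of the original question or comments: it strips out-of-domain `user:`, `group:` and `domain:` members from a policy in the JSON shape returned by `gcloud projects get-iam-policy PROJECT_ID --format=json`. Matching on the email domain, the domain `example.com`, and the sample policy are assumptions; the constraint itself works on allowed customer IDs.

```python
import copy

# Member types whose identity is an email address or a domain we can compare.
CHECKED_PREFIXES = ("user:", "group:", "domain:")

def is_mismatched(member: str, allowed_domain: str) -> bool:
    """True if an IAM member is a user/group/domain outside allowed_domain."""
    if not member.startswith(CHECKED_PREFIXES):
        return False  # serviceAccount:, allUsers, etc. are left for manual review
    identity = member.split(":", 1)[1]
    domain = identity.rsplit("@", 1)[-1].lower()
    return domain != allowed_domain.lower()

def strip_mismatched(policy: dict, allowed_domain: str):
    """Return (cleaned_policy, removed) without mutating the input policy."""
    cleaned = copy.deepcopy(policy)  # keeps etag so a later write detects races
    removed, kept_bindings = [], []
    for binding in cleaned.get("bindings", []):
        keep = []
        for member in binding.get("members", []):
            if is_mismatched(member, allowed_domain):
                removed.append((binding["role"], member))
            else:
                keep.append(member)
        if keep:  # drop bindings that end up with no members
            binding["members"] = keep
            kept_bindings.append(binding)
    cleaned["bindings"] = kept_bindings
    return cleaned, removed

# Constructed sample policy; every identity and the etag are made up.
SAMPLE_POLICY = {
    "etag": "CONSTRUCTED_ETAG=",
    "bindings": [
        {"role": "roles/viewer",
         "members": ["user:alice@example.com", "user:bob@gmail.com"]},
        {"role": "roles/editor",
         "members": ["group:contractors@partner.example.net"]},
        {"role": "roles/storage.admin",
         "members": ["serviceAccount:ci@demo-proj.iam.gserviceaccount.com",
                     "domain:example.com"]},
    ],
}

if __name__ == "__main__":
    cleaned, removed = strip_mismatched(SAMPLE_POLICY, "example.com")
    for role, member in removed:
        print(f"remove {member} from {role}")
```

The cleaned policy would then be written back with `gcloud projects set-iam-policy`, and the same pass repeated for each project, folder and resource-level policy that predates the constraint.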