Topic 1 Question 11
Your customer is moving an existing corporate application to Google Cloud Platform from an on-premises data center. The business owners require minimal user disruption. There are strict security team requirements for storing passwords. What authentication strategy should they use?
Use G Suite Password Sync to replicate passwords into Google
Federate authentication via SAML 2.0 to the existing Identity Provider
Provision users in Google using the Google Cloud Directory Sync tool
Ask users to set their Google password to match their corporate password
解説
Provision users to Google's directory The global Directory is available to both Cloud Platform and G Suite resources and can be provisioned by a number of means. Provisioned users can take advantage of rich authentication features including single sign-on (SSO), OAuth, and two-factor verification. You can provision users automatically using one of the following tools and services: Google Cloud Directory Sync (GCDS)
Google Admin SDK -
A third-party connector - GCDS is a connector that can provision users and groups on your behalf for both Cloud Platform and G Suite. Using GCDS, you can automate the addition, modification, and deletion of users, groups, and non-employee contacts. You can synchronize the data from your LDAP directory server to your Cloud Platform domain by using LDAP queries. This synchronization is one-way: the data in your LDAP directory server is never modified. Reference: https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#authentication-and-identity
ユーザの投票
コメント(1)
- 正解だと思う選択肢: B
The right answer should be B. Please, refer to best practises: https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations#federate-your-identity-provider-with-gcp
👍 2Davidik792021/12/28
シャッフルモード