Topic 1 Question 112

Professional Cloud Security Engineer

Topic 1 Question 112
Your company has been creating users manually in Cloud Identity to provide access to Google Cloud resources. Due to continued growth of the environment, you want to authorize the Google Cloud Directory Sync (GCDS) instance and integrate it with your on-premises LDAP server to onboard hundreds of users. You are required to: ✑ Replicate user and group lifecycle changes from the on-premises LDAP server in Cloud Identity. ✑ Disable any manually created users in Cloud Identity. You have already configured the LDAP search attributes to include the users and security groups in scope for Google Cloud. What should you do next to complete this solution?
- 1. Configure the option to suspend domain users not found in LDAP. 2. Set up a recurring GCDS task.
- 1. Configure the option to delete domain users not found in LDAP. 2. Run GCDS after user and group lifecycle changes.
- 1. Configure the LDAP search attributes to exclude manually created Cloud Identity users not found in LDAP. 2. Set up a recurring GCDS task.
- 1. Configure the LDAP search attributes to exclude manually created Cloud Identity users not found in LDAP. 2. Run GCDS after user and group lifecycle changes.
解説
Reference: https://www.appsadmins.com/blog/your-how-to-for-provisioning-in-g-suite-part-2-users

ユーザの投票
コメント(5)
- 正解だと思う選択肢: A
  Answer is (A). To achieve the requirement "Disable any manually created users in Cloud Identity", configure GCDS to suspend rather than delete accounts if user accounts are not found in the LDAP directory in GCDS. Ref: https://support.google.com/a/answer/7177267
  
  👍 12
  mT32022/05/19
- I think the answer is (A).
  
  When using Shared VPC, a service perimeter that includes projects that belong to a Shared VPC network must also include the project that hosts the network. When projects that belong to a Shared VPC network are not in the same perimeter as the host project, services might not work as expected or might be blocked entirely. Ensure that the Shared VPC network host is in the same service perimeter as the projects connected to the network. https://cloud.google.com/vpc-service-controls/docs/troubleshooting#shared_vpc
  
  👍 3
  Tabayashi2022/04/28
- C. 1. Configure the LDAP search attributes to exclude manually created Cloud Identity users not found in LDAP. 2. Set up a recurring GCDS task.
  
  👍 3
  KillerGoogle2022/05/10
シャッフルモード

解説

ユーザの投票

コメント(5)