Topic 1 Question 215
You are a Cloud Identity administrator for your organization. In your Google Cloud environment, groups are used to manage user permissions. Each application team has a dedicated group. Your team is responsible for creating these groups and the application teams can manage the team members on their own through the Google Cloud console. You must ensure that the application teams can only add users from within your organization to their groups.
What should you do?
A. Change the configuration of the relevant groups in the Google Workspace Admin console to prevent external users from being added to the group.
B. Set an Identity and Access Management (IAM) policy that includes a condition that restricts group membership to user principals that belong to your organization.
C. Define an Identity and Access Management (IAM) deny policy that denies the assignment of principals that are outside your organization to the groups in scope.
D. Export the Cloud Identity logs to BigQuery. Configure an alert for external members added to groups. Have the alert trigger a Cloud Function instance that removes the external members from the group.
User votes
Comments (12)
- Selected answer: C 👍 2 anshad666 2023/08/22
- Selected answer: A 👍 2 anshad666 2023/08/25
The correct answer is B. Set an Identity and Access Management (IAM) policy that includes a condition that restricts group membership to user principals that belong to your organization.
An IAM policy is a set of permissions that you can attach to a Google Cloud resource, such as a group. The policy defines who can access the resource and what actions they can perform.
In this case, you can create an IAM policy that restricts group membership to user principals that belong to your organization. This will prevent the application teams from adding users from outside your organization to their groups.
This condition will restrict the policy to users who belong to your organization's domain. Once you have created the policy, you can attach it to the groups that you want to protect. To do this, go to the Groups page in the Google Cloud console and select the groups that you want to protect. Then, click Edit and select the policy that you created.
👍 2 GCBC 2023/08/27