GCP Professional Cloud Security Engineer Practice Question
Your company uses Cloud Identity Premium and synchronizes on-premises Active Directory accounts to Google Cloud with Google Cloud Directory Sync (GCDS). Contractors are frequently removed from AD, and security policy mandates that their Google Cloud access be revoked within 60 minutes of account removal. What is the most effective way to meet this requirement while keeping administrative effort low?
Replace GCDS with periodic CSV uploads of active users and instruct project owners to manually remove IAM bindings when contractors depart.
Create an alert that emails administrators when a terminated contractor attempts to sign in, and require them to delete the Cloud Identity account within an hour.
Deploy Cloud Functions in each project that call the Admin SDK Directory API hourly to compare Cloud Identity with Active Directory and remove missing users.
Configure the GCDS job to run every 15 minutes and set the User Deletion/Suspension action to suspend any account no longer found in Active Directory.
GCDS performs one-way synchronization from the LDAP directory to Google Cloud. When a user account no longer exists in Active Directory, GCDS can automatically suspend (or delete) the corresponding Cloud Identity account, provided the Sync deletion/suspension rule is enabled. By scheduling the GCDS job to run more frequently-every 15 minutes in this scenario-the longest period an orphaned Google account can remain active is one sync interval, well under the 60-minute limit. The other options either rely on manual intervention (which is error-prone and not guaranteed to meet the SLA), require custom development and maintenance that outweighs a simple schedule change, or abandon automated synchronization entirely and place the burden on individual project owners-none of which satisfies the goal of minimizing operational overhead while ensuring timely de-provisioning.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Google Cloud Directory Sync (GCDS)?
Open an interactive chat with Bash
What is the User Deletion/Suspension action in GCDS?
Open an interactive chat with Bash
Why is a 15-minute sync interval preferred for revoking access?
Open an interactive chat with Bash
What is Cloud Identity Premium and how does it integrate with Google Cloud?
Open an interactive chat with Bash
How does Google Cloud Directory Sync (GCDS) work with Active Directory?
Open an interactive chat with Bash
What is the role of the User Deletion/Suspension rule in GCDS?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Configuring Access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .