GCP Professional Cloud Security Engineer Practice Question
Your company uses Microsoft Active Directory as the authoritative directory. Google Cloud Directory Sync (GCDS) currently provisions users and groups into Cloud Identity, so employees authenticate with passwords stored in Google. Security now requires that:
Google must stop storing or validating user passwords,
Password changes in Active Directory must take effect immediately when users access Google Workspace,
Existing group synchronization must continue.
Which approach best satisfies all requirements while introducing the fewest changes to the existing Google identities?
Enable Google Cloud Secure LDAP for authentication and disable SAML single sign-on while leaving GCDS in place for groups.
Retain GCDS for user and group provisioning but configure Google Workspace for SAML single sign-on that redirects authentication to an AD FS identity provider.
Export users from Active Directory to a CSV file, import them into Cloud Identity, disable GCDS, and have users reset their Google passwords.
Replace GCDS with Workforce Identity Federation so Google Workspace relies on short-lived tokens issued by Active Directory and stop synchronizing directory objects.
Keeping GCDS maintains the existing, automated provisioning and de-provisioning of users and groups. Adding a SAML-based single sign-on configuration with AD FS (or another IdP backed by Active Directory) delegates authentication to the on-premises IdP. Because Google no longer validates passwords, it no longer stores them, and any password change in Active Directory is immediately honored the next time a user authenticates. The other options either break group synchronization (Workforce Identity Federation), fail to remove Google-stored passwords (Secure LDAP or CSV import), or add significant operational overhead.
GCP Professional Cloud Security Engineer
Configuring Access