GCP Professional Cloud Security Engineer Practice Question
Your enterprise operates a tightly controlled Microsoft Active Directory forest. You are asked to deploy Google Cloud Directory Sync (GCDS) so accounts and groups appear in Cloud Identity. Security engineers worry the synchronization process might accidentally change or corrupt objects that reside in Active Directory. Given how GCDS works, what should you tell them about its interaction with the on-premises LDAP directory?
GCDS periodically uploads password hashes back into Active Directory to keep credentials synchronized across both systems.
GCDS only reads from the LDAP directory and never issues write operations, so no objects in Active Directory are modified during synchronization.
When an account is suspended in Google Cloud, GCDS deletes the corresponding user object from Active Directory to preserve consistency.
If the GCDS service account has write permission, it can update mail attributes in Active Directory to match changes made in Google Cloud.
GCDS is designed as a one-way synchronization engine. During every sync cycle it performs LDAP search queries, reads the returned user and group objects, and then creates, updates, or deletes corresponding objects in Google Cloud. It never performs LDAP modify, add, or delete operations against the source directory, regardless of what privileges the service account might hold. Therefore Active Directory objects remain untouched. Any statement suggesting that GCDS writes passwords, alters attributes, or deletes accounts in the on-premises directory is inaccurate because those actions occur only in Cloud Identity after the data is read from LDAP.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does Google Cloud Directory Sync (GCDS) interact with Active Directory?
Open an interactive chat with Bash
What security measures ensure GCDS does not alter Active Directory objects?
Open an interactive chat with Bash
Why is GCDS referred to as a 'one-way synchronization engine'?
Open an interactive chat with Bash
Can GCDS modify objects in Active Directory?
Open an interactive chat with Bash
What type of actions does GCDS perform on Cloud Identity objects?
Open an interactive chat with Bash
How does GCDS interact with password data during synchronization?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Configuring Access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .