Crucial Exams

GCP Professional Cloud Security Engineer Practice Question

Your organization syncs 40,000 Active Directory users and groups into Cloud Identity with GCDS, but only about 2,000 ever sign in to Google services. Each synchronized user consumes a Cloud Identity license, increasing cost and audit overhead. Leadership wants a new design that 1) keeps ADFS SAML SSO with AD credentials and 2) avoids creating standing Google accounts for the other 38,000 users while still exposing their AD group memberships for IAM policies. Which solution best meets these requirements with minimal ongoing effort?

  • Replace GCDS with a groups-only sync tool and rely on just-in-time provisioning to create Cloud Identity users the first time they single sign-on.

  • Enable Google account linking so employees authenticate with personal Gmail accounts federated to their corporate email addresses, eliminating directory synchronization.

  • Continue using GCDS for all users and groups but run it only quarterly and enable password-hash sync so users authenticate with their AD passwords.

  • Create a Workforce Identity Federation pool and SAML provider that trusts ADFS, include AD group claims in the SAML assertion, and turn off user-account synchronization in GCDS.

GCP Professional Cloud Security Engineer
Configuring Access
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot