Crucial Exams

GCP Professional Cloud Security Engineer Practice Question

Your organization syncs Active Directory users and groups to Cloud Identity with GCDS every 4 hours. After an employee is terminated, their AD account is disabled immediately, yet they can still sign in to the Google Cloud Console until the next GCDS run, which violates policy. You must redesign the identity architecture so that a disabled AD account loses Google access within minutes, while still automating provisioning and avoiding major changes to the AD schema. What should you do?

  • Increase the GCDS job frequency to every 5 minutes and change its deletion handling rules to suspend users instead of deleting them.

  • Replace GCDS with a SCIM 2.0 connector that pushes updates from AD directly to Cloud Identity in real time.

  • Have HR export disabled users to a CSV file and run a scheduled script that calls the Cloud Identity Directory API to suspend the accounts.

  • Configure Cloud Identity for SAML single sign-on that uses AD FS as the identity provider, and keep GCDS only for periodic account provisioning.

GCP Professional Cloud Security Engineer
Configuring Access
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot