Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.
What should your team do to meet these requirements?
To meet the requirements of centrally managing GCP IAM permissions from an on-premises Active Directory Service by AD group membership, your team should set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups. Cloud Directory Sync ensures that the AD identities and groups are replicated in GCP, allowing IAM permissions to be applied directly to these synced groups. This method ensures seamless identity and access management integration between on-premises AD and GCP.
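As an added example (not part of the original page), the following check audits a project IAM policy for grants that sidestep the "permissions by AD group membership" model described above: roles bound directly to users, or to groups that are not synced from AD. The sample policy is constructed in the JSON shape returned by `gcloud projects get-iam-policy --format=json`, and the group addresses and the `SYNCED_GROUPS` set are assumptions for illustration.

```python
import json

# Constructed sample policy (shape of `gcloud projects get-iam-policy --format=json`).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/compute.networkAdmin",
     "members": ["group:gcp-network-admins@example.com"]},
    {"role": "roles/viewer",
     "members": ["group:gcp-auditors@example.com", "user:alice@example.com"]},
    {"role": "roles/owner",
     "members": ["group:cloud-only-admins@example.com",
                 "serviceAccount:ci@demo-project.iam.gserviceaccount.com"]}
  ],
  "version": 1
}
""")

# Hypothetical list of group addresses that the directory sync replicates from AD.
SYNCED_GROUPS = {"gcp-network-admins@example.com", "gcp-auditors@example.com"}


def audit_bindings(policy, synced_groups):
    """Return (role, member, issue) for every grant not driven by a synced AD group."""
    synced = {g.lower() for g in synced_groups}
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            # IAM members are written as "<type>:<identifier>".
            kind, _, ident = member.partition(":")
            if kind == "user":
                # Access granted to an individual cannot be revoked by
                # removing that person from an AD group.
                findings.append((role, member, "direct-user"))
            elif kind == "group" and ident.lower() not in synced:
                # Membership of this group is managed outside AD.
                findings.append((role, member, "unsynced-group"))
            # Service accounts and other member types are out of scope here.
    return findings


if __name__ == "__main__":
    for role, member, issue in audit_bindings(SAMPLE_POLICY, SYNCED_GROUPS):
        print(f"{issue:15} {role:30} {member}")
```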
Answer is A. B is just the method of authentication; all the heavy lifting is done in A.
Correct Answer is A as explained here https://www.udemy.com/course/google-security-engineer-certification/?referralCode=E90E3FF49D9DE15E2855 "In order to be able to keep using the existing identity management system, identities need to be synchronized between AD and GCP IAM. To do so Google provides a tool called Cloud Directory Sync. This tool will read all identities in AD and replicate those within GCP. Once the identities have been replicated then it's possible to apply IAM permissions on the groups. After that you will configure SAML so Google can act as a service provider and either your ADFS or other third party tools like Ping or Okta will act as the identity provider. This way you effectively delegate the authentication from Google to something that is under your control."
SSO will only validate identity, that doesn't sync the groups! Answer is A
A is correct for me
Answer is A. GCP Cloud Skills Boost has an exact example on this using the fictitious bank called Cymbal Bank, and clearly calls out the GCDS process to push Microsoft AD/LDAP into established Users and Groups in your GCP identity domain.
Correct Answer is A. The keyword is on-prem AD groups, which can be synced using Google Dir Sync, and then you can apply IAM roles to them. Without Google Dir Sync, how can you pull the on-prem AD groups? Without it, SSO solution will not work.
The question clearly states "centrally manage". So, Cloud Sync is the correct one.
With A the user and groups management is done in AD as it's asked.
A will do
Using third-party IDP connectors for sync: Many identity management vendors (such as Ping and Okta) provide a connector for G Suite and Cloud Identity Global Directory, which sync changes to users via the Admin SDK Directory API. The identity providers control usernames, passwords and other information used to identify, authenticate and authorize users for web applications that Google hosts—in this context, it’s the GCP console. There are a number of existing open source and commercial identity provider solutions that can help you implement SSO with Google. (Read more about SAML-based federated SSO if you’re interested in using Google as the identity provider.)
https://bard.google.com/ answer is A
Correct answer is A.
A is the correct answer.
Cloud directory sync is for this purpose.
The correct answer is indeed A, as Cloud Directory Sync is the best approach.
Answer is B. "Centrally manage from their ...", so, SAML and manage in the on-premise AD