ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Security Engineer All Questions

View all questions & answers for the Professional Cloud Security Engineer exam
Go to Exam

Exam Professional Cloud Security Engineer topic 1 question 43 discussion

Actual exam question from Google's Professional Cloud Security Engineer
Question #: 43
Topic #: 1
[All Professional Cloud Security Engineer Questions]

While migrating your organization's infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way to manage your users and want to keep using your existing Active Directory or LDAP server along with the existing SSO password.
What should you do?

  • A. Manually synchronize the data in Google domain with your existing Active Directory or LDAP server.
  • B. Use Google Cloud Directory Sync to synchronize the data in Google domain with your existing Active Directory or LDAP server.
  • C. Users sign in directly to the GCP Console using the credentials from your on-premises Kerberos compliant identity provider.
  • D. Users sign in using OpenID (OIDC) compatible IdP, receive an authentication token, then use that token to log in to the GCP Console.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by saurabh1805 at Oct. 26, 2020, 8:38 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sudarchary
Highly Voted 3 years ago
Selected Answer: B
https://cloud.google.com/architecture/identity/federating-gcp-with-active-directory-configuring-single-sign-on
upvoted 7 times
...
DebasishLowes
Highly Voted 3 years, 11 months ago
Ans : B
upvoted 5 times
...
dbf0a72
Most Recent 1 year, 1 month ago
Selected Answer: B
https://cloud.google.com/architecture/identity/federating-gcp-with-active-directory-configuring-single-sign-on
upvoted 1 times
...
AwesomeGCP
2 years, 4 months ago
Selected Answer: B
https://cloud.google.com/architecture/identity/federating-gcp-with-active-directory-configuring-single-sign-on
upvoted 2 times
...
absipat
2 years, 8 months ago
B of course
upvoted 2 times
...
ThisisJohn
3 years, 2 months ago
Selected Answer: D
My vote goes for D. From the blog post linked below " users’ passwords are not synchronized by default. Only the identities are synchronized, unless you make an explicit choice to synchronize passwords (which is not a best practice and should be avoided)". Also, from GCP documentation "Authenticating with OIDC and AD FS" https://cloud.google.com/anthos/clusters/docs/on-prem/1.6/how-to/oidc-adfs Blog post quoted above https://cloud.google.com/blog/products/identity-security/using-your-existing-identity-management-system-with-google-cloud-platform
upvoted 1 times
rr4444
3 years, 1 month ago
D sounds nice, but the user doesn't "use" the token.... that's used in the integration with Cloud Identity. So answer must be B, GCDS
upvoted 3 times
...
...
saurabh1805
4 years, 3 months ago
B is correct answer here.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel