ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud Architect All Questions

View all questions & answers for the Professional Cloud Architect exam
Go to Exam

Exam Professional Cloud Architect topic 1 question 177 discussion

Actual exam question from Google's Professional Cloud Architect
Question #: 177
Topic #: 1
[All Professional Cloud Architect Questions]

Your company has just recently activated Cloud Identity to manage users. The Google Cloud Organization has been configured as well. The security team needs to secure projects that will be part of the Organization. They want to prohibit IAM users outside the domain from gaining permissions from now on. What should they do?

  • A. Configure an organization policy to restrict identities by domain.
  • B. Configure an organization policy to block creation of service accounts.
  • C. Configure Cloud Scheduler to trigger a Cloud Function every hour that removes all users that don't belong to the Cloud Identity domain from all projects.
  • D. Create a technical user (e.g., [email protected]), and give it the project owner role at root organization level. Write a bash script that: ג€¢ Lists all the IAM rules of all projects within the organization. ג€¢ Deletes all users that do not belong to the company domain. Create a Compute Engine instance in a project within the Organization and configure gcloud to be executed with technical user credentials. Configure a cron job that executes the bash script every hour.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by StelSen at Dec. 28, 2021, 3:38 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kimharsh
Highly Voted 2 years, 7 months ago
LOL , if we give this question to someone who know nothing about GCP they will select A
upvoted 19 times
...
Fotofilico
Highly Voted 2 years, 11 months ago
Selected Answer: A
https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains
upvoted 18 times
...
Tirthankar17
Most Recent 10 months ago
Whoever wrote option D was high af.
upvoted 4 times
...
Jconnor
1 year ago
D is Ridiculous.
upvoted 1 times
...
Atanu
1 year, 6 months ago
Selected Answer: A
Option D is just to create confusion only.
upvoted 1 times
...
CGS22
1 year, 9 months ago
Selected Answer: A
The correct answer is: A. Configure an organization policy to restrict identities by domain. This solution will allow the security team to secure projects that will be part of the Organization by prohibiting IAM users outside the domain from gaining permissions. The other options are not as efficient or effective. Option B would not be efficient, as it would block the creation of all service accounts, which are necessary for some applications. Option C would not be effective, as it would not prevent IAM users from gaining permissions, as it would only remove users that do not belong to the Cloud Identity domain from all projects. Option D would not be efficient, as it would require a Compute Engine instance to be created and a cron job to be configured, which would add complexity and cost to the solution.
upvoted 2 times
...
someCloudUser
1 year, 9 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
omermahgoub
1 year, 11 months ago
The security team should configure an organization policy to restrict identities by domain. This will allow them to specify a list of allowed domains, and prevent users from outside those domains from gaining permissions in the Organization. Alternatively, the security team could configure an organization policy to block creation of service accounts. This would prevent the creation of new service accounts, which could be used to grant permissions to users outside the domain. The other options are not recommended. Option C involves manually removing users every hour, which could be time-consuming and error-prone. Option D involves creating a technical user and writing a bash script to delete users, which is not a recommended approach. It would be more secure and efficient to use an organization policy to restrict identities by domain.
upvoted 2 times
...
surajkrishnamurthy
1 year, 12 months ago
Selected Answer: A
A Is the Correct Answer
upvoted 1 times
...
megumin
2 years ago
Selected Answer: A
A is ok
upvoted 1 times
...
Mahmoud_E
2 years, 1 month ago
Selected Answer: A
A is the correct answer https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains
upvoted 1 times
...
AzureDP900
2 years, 2 months ago
A is right
upvoted 1 times
...
manis68
2 years, 2 months ago
Selected Answer: A
A is OK
upvoted 1 times
...
exam9391
2 years, 4 months ago
Selected Answer: A
A is ok
upvoted 3 times
...
azureaspirant
2 years, 10 months ago
2/15/21 exam
upvoted 5 times
...
blk_rook
2 years, 11 months ago
Selected Answer: A
must restrict the access, not clean up every hour. see reference from Fotofilico
upvoted 3 times
...
AJapieGuru
2 years, 11 months ago
Go for A
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel