Google Cloud Digital Leader — Question 35

Your organization uses Active Directory to authenticate users. Users' Google account access must be removed when their Active Directory account is terminated.
How should your organization meet this requirement?

Answer options

• A. Configure two-factor authentication in the Google domain
• B. Remove the Google account from all IAM policies
• C. Configure BeyondCorp and Identity-Aware Proxy in the Google domain
• D. Configure single sign-on in the Google domain

Correct answer: D

Explanation

The correct answer is D, as configuring single sign-on (SSO) allows for seamless integration between Active Directory and Google accounts. This means that when a user's Active Directory account is disabled, their access to Google services will also be automatically revoked. Options A, B, and C do not ensure that Google access is directly tied to the Active Directory account status, making them less effective for this requirement.