Google Cloud Professional Cloud Security Engineer — Question 108

You plan to synchronize identities to Cloud Identity from a third-party identity provider (IdP). You discovered that some employees used their corporate email address to set up consumer accounts to access Google services. You need to ensure that the organization has control over the configuration, security, and lifecycle of these consumer accounts.

What should you do? (Choose two.)

Answer options

• A. Mandate that those corporate employees delete their unmanaged consumer accounts.
• B. Reconcile accounts that exist in Cloud Identity but not in the third-party IdP.
• C. Evict the unmanaged consumer accounts in the third-party IdP before you sync identities.
• D. Use Google Cloud Directory Sync (GCDS) to migrate the unmanaged consumer accounts' emails as user aliases.
• E. Use the transfer tool to invite those corporate employees to transfer their unmanaged consumer accounts to the corporate domain.

Correct answer: B

Explanation

The correct answer is B because reconciling accounts ensures that all identities are accounted for in Cloud Identity, preventing issues with account management. Option A is ineffective as forcing deletion does not help in managing accounts centrally. Option C does not address the need for synchronization, while D and E do not directly resolve the issue of organizational control over consumer accounts.