Google Cloud Professional Cloud Security Engineer — Question 199

Your organization currently uses a third-party identity provider (IdP) that only requires a username and password for authentication. You need to enforce 2-step verification (2SV) for the Super admins in Cloud Identity. What should you do?

Answer options

• A. Create an organizational unit (OU) for Super admins, and enable 2SV within Cloud Identity for the OU.
• B. Collaborate with the third-party IdP to enable 2SV for Super admins while maintaining the current Cloud Identity configuration.
• C. Implement monitoring tools to track the authentication methods used by Super admins in Cloud Identity. Alert on those not using 2SV.
• D. Evaluate the 2SV options for Super admins offered by both the third-party IdP and Cloud Identity. Implement the solution that provides the strongest second factor.

Correct answer: A

Explanation

The correct answer is A because creating an organizational unit (OU) allows you to specifically enable 2SV for Super admins within Cloud Identity without affecting other users. Option B does not resolve the need for enforcing 2SV within Cloud Identity itself, while C focuses on monitoring rather than implementation. Option D suggests evaluating options but does not provide a direct method to enforce 2SV for Super admins.