Google Cloud Professional Cloud Security Engineer — Question 24
Your team wants to centrally manage GCP IAM permissions from their on-premises Active Directory Service. Your team wants to manage permissions by AD group membership.
What should your team do to meet these requirements?
Answer options
- A. Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.
- B. Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.
- C. Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.
- D. Use the Admin SDK to create groups and assign IAM permissions from Active Directory.
Correct answer: A
Explanation
Cloud Directory Sync synchronizes the AD groups, and IAM permissions can then be assigned directly to those synced groups, which meets the requirement for centralized management by AD group membership. The other options do not directly sync AD groups for IAM management, making them less suitable for the specified requirements.