Google Cloud Professional Cloud Security Engineer — Question 248

A customer terminates an engineer and needs to make sure the engineer's Google account is automatically deprovisioned.
What should the customer do?

Answer options

• A. Use the Cloud SDK with their directory service to remove their IAM permissions in Cloud Identity.
• B. Use the Cloud SDK with their directory service to provision and deprovision users from Cloud Identity.
• C. Configure Cloud Directory Sync with their directory service to provision and deprovision users from Cloud Identity.
• D. Configure Cloud Directory Sync with their directory service to remove their IAM permissions in Cloud Identity.

Correct answer: C

Explanation

The correct answer is C because configuring Cloud Directory Sync allows for the automatic provisioning and deprovisioning of users based on the directory service. Options A and D focus only on IAM permissions, which do not address the full requirement of account deprovisioning. Option B, while mentioning provisioning and deprovisioning, relies on the Cloud SDK, which does not automate the process as effectively as Cloud Directory Sync.