Google Cloud Professional Cloud Security Engineer — Question 264
You are the Security Admin in your company. You want to synchronize all security groups that have an email address from your LDAP directory in Cloud IAM.
What should you do?
Answer options
- A. Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have "user email address" as the attribute to facilitate one-way sync.
- B. Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have "user email address" as the attribute to facilitate bidirectional sync.
- C. Use a management tool to sync the subset based on the email address attribute. Create a group in the Google domain. A group created in a Google domain will automatically have an explicit Google Cloud Identity and Access Management (IAM) role.
- D. Use a management tool to sync the subset based on group object class attribute. Create a group in the Google domain. A group created in a Google domain will automatically have an explicit Google Cloud Identity and Access Management (IAM) role.
Correct answer: A
Explanation
The correct answer is A because it specifies a one-way synchronization of security groups using the 'user email address' attribute, which is the requirement stated in the question. Option B is incorrect as it suggests bidirectional sync, which is not needed. Options C and D focus on creating groups in the Google domain and do not address the synchronization requirement directly.