Google Cloud Professional Cloud Security Engineer — Question 300

You are responsible for managing your company's identities in Google Cloud. Your company enforces 2-Step Verification (2SV) for all users. You need to reset a user's access, but the user lost their second factor for 2SV. You want to minimize risk. What should you do?

Answer options

• A. On the Google Admin console, select the appropriate user account, and generate a backup code to allow the user to sign in. Ask the user to update their second factor.
• B. On the Google Admin console, temporarily disable the 2SV requirements for all users. Ask the user to log in and add their new second factor to their account. Re-enable the 2SV requirement for all users.
• C. On the Google Admin console, select the appropriate user account, and temporarily disable 2SV for this account. Ask the user to update their second factor, and then re-enable 2SV for this account.
• D. On the Google Admin console, use a super administrator account to reset the user account's credentials. Ask the user to update their credentials after their first login.

Correct answer: A

Explanation

The correct answer is A because generating a backup code allows the user to securely log in without compromising the security of the 2SV process. Option B poses a risk by disabling 2SV for all users, which could expose the entire organization to security threats. Option C temporarily disables 2SV only for one account, which is less secure than providing a backup code. Option D resets credentials but does not directly address the issue with the lost second factor.