Google Cloud Professional Cloud Security Engineer — Question 323
Your organization is migrating a complex application to Google Cloud. The application has multiple internal components that interact with each other across several Google Cloud projects. Security is a major concern, and you must design an authorization scheme for administrators that aligns with the principles of least privilege and separation of duties. What should you do?
Answer options
- A. Identify the users who will migrate the application, revoke the default user roles and assign the users with purposely created custom roles.
- B. Use multiple external identity providers (IdP) configured to use different SAML profiles and federate the IdPs for each application component.
- C. Configure multi-factor authentication (MFA) to enforce the use of physical tokens for all users who will migrate the application.
- D. No action needed. When a Google Cloud organization is created, the appropriate permissions are automatically assigned to all users in the domain.
Correct answer: A
Explanation
The correct answer is A because it identifies the specific users who need access and assigns them purpose-built custom roles, which directly applies the principles of least privilege and separation of duties. Option B discusses identity providers but does not address the least privilege principle. Option C strengthens authentication but does not provide role management or separation of duties. Option D is incorrect because it assumes the necessary permissions are assigned automatically, which is not necessarily the case in a complex, multi-project application environment.