Google Cloud Professional Cloud Security Engineer — Question 350
Your organization has hired a small, temporary partner team for 18 months. The temporary team will work alongside your DevOps team to develop your organization's application that is hosted on Google Cloud. You must give the temporary partner team access to your application's resources on Google Cloud and ensure that partner employees lose access if they are removed from their employer's organization. What should you do?
Answer options
- A. Create a temporary username and password for the temporary partner team members. Auto-clean the usernames and passwords after the work engagement has ended.
- B. Create a workforce identity pool and federate the identity pool with the identity provider (IdP) of the temporary partner team.
- C. Implement just-in-time privileged access to Google Cloud for the temporary partner team.
- D. Add the identities of the temporary partner team members to your identity provider (IdP).
Correct answer: B
Explanation
The correct answer is B because creating a workforce identity pool and federating it with the temporary partner's IdP means partner employees sign in through their own employer's IdP. Access rights are managed against those federated identities, and access is automatically revoked when employees leave the partner organization, because they can no longer authenticate there. Option A is not secure, as usernames and passwords can be easily shared or reused. Option C is not the most efficient solution for temporary access management, and option D does not provide the same level of automation for access revocation.