Google Cloud Professional Cloud Security Engineer — Question 49

While migrating your organization's infrastructure to GCP, a large number of users will need to access GCP Console. The Identity Management team already has a well-established way to manage your users and want to keep using your existing Active Directory or LDAP server along with the existing SSO password.
What should you do?

Answer options

• A. Manually synchronize the data in Google domain with your existing Active Directory or LDAP server.
• B. Use Google Cloud Directory Sync to synchronize the data in Google domain with your existing Active Directory or LDAP server.
• C. Users sign in directly to the GCP Console using the credentials from your on-premises Kerberos compliant identity provider.
• D. Users sign in using OpenID (OIDC) compatible IdP, receive an authentication token, then use that token to log in to the GCP Console.

Correct answer: B

Explanation

The correct answer is B because Google Cloud Directory Sync (GCDS) automates the synchronization of user accounts and groups between your existing Active Directory or LDAP server and Google Cloud. Option A is incorrect as manual synchronization is inefficient and error-prone. Option C is not suitable since it doesn't leverage SSO or synchronization, and Option D, while valid for some scenarios, does not utilize the existing Active Directory or LDAP server directly.