Google Cloud Professional Cloud Security Engineer — Question 60
Your company has been creating users manually in Cloud Identity to provide access to Google Cloud resources. Due to continued growth of the environment, you want to authorize the Google Cloud Directory Sync (GCDS) instance and integrate it with your on-premises LDAP server to onboard hundreds of users. You are required to:
- Replicate user and group lifecycle changes from the on-premises LDAP server in Cloud Identity.
- Disable any manually created users in Cloud Identity.
You have already configured the LDAP search attributes to include the users and security groups in scope for Google Cloud. What should you do next to complete this solution?
Answer options
- A. 1. Configure the option to suspend domain users not found in LDAP. 2. Set up a recurring GCDS task.
- B. 1. Configure the option to delete domain users not found in LDAP. 2. Run GCDS after user and group lifecycle changes.
- C. 1. Configure the LDAP search attributes to exclude manually created Cloud Identity users not found in LDAP. 2. Set up a recurring GCDS task.
- D. 1. Configure the LDAP search attributes to exclude manually created Cloud Identity users not found in LDAP. 2. Run GCDS after user and group lifecycle changes.
Correct answer: A
Explanation
The correct answer is A. Suspending domain users not found in LDAP disables the manually created users in Cloud Identity, and a recurring GCDS task keeps replicating user and group lifecycle changes from the on-premises LDAP server, so both requirements are met. Option B is incorrect because deleting users instead of suspending them would not meet the requirement to disable them. Options C and D do not address the need to disable manually created users in Cloud Identity, because they focus on exclusion rather than suspension.