Google Cloud Professional Cloud Security Engineer — Question 77

Your organization has implemented synchronization and SAML federation between Cloud Identity and Microsoft Active Directory. You want to reduce the risk of
Google Cloud user accounts being compromised. What should you do?

Answer options

• A. Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with security keys in the Google Admin console.
• B. Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with verification codes via text or phone call in the Google Admin console.
• C. Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with security keys in the Google Admin console.
• D. Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with verification codes via text or phone call in the Google Admin console.

Correct answer: C

Explanation

The correct answer is C because it emphasizes the need for a strong Active Directory policy in conjunction with security keys for 2-Step Verification, which enhances security post-SSO. The other options focus on Cloud Identity or use verification codes, which are less secure compared to security keys.