professional-cloud-architect question 256 discussion

View all Professional Cloud Architect on Google Cloud Platform here
back to google forum

Question 256 Topic 6

Your company has just recently activated Cloud Identity to manage users. The Google Cloud Organization has been
configured as well. The security team needs to secure projects that will be part of the Organization. They want to prohibit
IAM users outside the domain from gaining permissions from now on. What should they do?

  • A. Configure an organization policy to restrict identities by domain.
  • B. Configure an organization policy to block creation of service accounts.
  • C. Configure Cloud Scheduler to trigger a Cloud Function every hour that removes all users that dont belong to the Cloud Identity domain from all projects.
  • D. Create a technical user (e.g., [email protected]), and give it the project owner role at root organization level. Write a bash script that: Lists all the IAM rules of all projects within the organization. Deletes all users that do not belong to the company domain. Create a Compute Engine instance in a project within the Organization and configure gcloud to be executed with technical user credentials. Configure a cron job that executes the bash script every hour.
Answer:

D


Explanation:
Reference: https://sysdig.com/blog/gcp-security-best-practices/

User Votes:
A 1 votes
50%
B
50%
C
50%
D
50%
Discussions
0 / 1000
Sanjay191985
1 year, 1 month ago

Create a technical user (e.g., [email protected]), and give it the project owner role at root organization level. Write a bash script that: Lists all the IAM rules of all projects within the organization. Deletes all users that do not belong to the company domain. Create a Compute Engine instance in a project within the Organization and configure gcloud to be executed with technical user credentials. Configure a cron job that executes the bash script every hour.

0
wayne997035
2 months ago

Option D is just to create confusion only.

0