ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 1.1: Setting up cloud projects and accountsCloud IdentityActive DirectorySSOGCDS

GCP ACE · Question 02 · Domain 1.1: Setting up cloud projects and accounts

Your company is migrating to Google Cloud and wants to manage user identities centrally. They currently use an on-premises Active Directory (AD). You need to ensure that users can authenticate to Google Cloud using their existing AD credentials and that user lifecycle management is automated.

Which TWO actions should you take? (Select TWO)

Answer options:

A.

Export users from AD to a CSV file and manually import them into Cloud Identity weekly.

B.

Use Google Cloud Directory Sync (GCDS) to synchronize users from AD to Cloud Identity.

C.

Configure Single Sign-On (SSO) using SAML with your on-premises AD as the Identity Provider (IdP).

D.

Create a script using the gcloud iam service-accounts create command for each user.

E.

Set up a Cloud VPN to allow Google Cloud to directly query your on-premises AD for every login request.

How to approach this question

Identify the tools Google provides for hybrid identity management. You need one tool for provisioning (syncing) and one for authentication (SSO).

Full Answer

Use Google Cloud Directory Sync (GCDS) to synchronize users from AD to Cloud Identity., Configure Single Sign-On (SSO) using SAML with your on-premises AD as the Identity Provider (IdP).
To integrate an on-premises Active Directory with Google Cloud, you use Cloud Identity. Google Cloud Directory Sync (GCDS) automates the provisioning and deprovisioning of users by syncing AD to Cloud Identity. To allow users to log in with their AD passwords, you configure SAML-based Single Sign-On (SSO) where AD (often via ADFS) acts as the Identity Provider.

Common mistakes

Thinking that GCDS handles authentication. GCDS only syncs the user objects; SSO is required for the actual authentication flow.
01All questions03

Practice the full GCP Associate Cloud Engineer Practice Exam 7

50 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01You are starting a new initiative and need to create a new Google Cloud project using the Cloud S...EasyQ03You have just created a new Google Cloud project and want to deploy a containerized application u...MediumQ04Your finance team wants to perform complex SQL queries on your Google Cloud billing data to analy...MediumQ05You are managing a development project in Google Cloud. You want to ensure that you are notified ...EasyQ06You have just installed the Google Cloud SDK on your local workstation. You need to authenticate ...Easy
View all 50 questions →