Answer-first summary for fast verification
Answer: Set an organizational policy constraint to limit identities by domain, and then retroactively remove the existing mismatched users.
The correct answer is D. The organizational policy constraint to limit identities by domain can be used to ensure that only users with email addresses matching your domain can access resources. However, this policy is not retroactive, meaning it will not automatically remove existing mismatched users. You will need to retroactively remove the existing mismatched users after setting the policy. This approach ensures ongoing compliance without requiring continuous manual audits.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
During a recent audit of your current Google Cloud resources, you identified the presence of several users whose email addresses are not part of your established Google Workspace domain. To uphold security and governance standards, it is crucial to ensure that access to your resources is limited strictly to users with email addresses within your domain. Therefore, you need to remove any users whose email addresses do not align with your domain, and you seek a solution that circumvents the need for manually auditing resources to pinpoint these mismatched users. What action should you take?
A
Create a Cloud Scheduler task to regularly scan your projects and delete mismatched users.
B
Create a Cloud Scheduler task to regularly scan your resources and delete mismatched users.
C
Set an organizational policy constraint to limit identities by domain to automatically remove mismatched users.
D
Set an organizational policy constraint to limit identities by domain, and then retroactively remove the existing mismatched users.
No comments yet.