Google Professional Cloud Architect

Get started today

Ultimate access to all questions.

Your company has recently activated Google Cloud Identity to manage its users and has configured a Google Cloud Organization. The security team is tasked with securing all projects within this Organization. They need to ensure that IAM users outside the company's domain do not gain permissions to any resources within these projects. What should they do to achieve this goal?

Exam-Like

Configure an organization policy to restrict identities by domain.

93.6%

Configure an organization policy to block creation of service accounts.

Comments

Loading comments...

Configure Cloud Scheduler to trigger a Cloud Function every hour that removes all users that don't belong to the Cloud Identity domain from all projects.

2.6%

Create a technical user (e.g., crawler@yourdomain.com), and give it the project owner role at root organization level. Write a bash script that: - Lists all the IAM rules of all projects within the organization. - Deletes all users that do not belong to the company domain. Create a Compute Engine instance in a project within the Organization and configure gcloud to be executed with technical user credentials. Configure a cron job that executes the bash script every hour.

0.0%