Answer-first summary for fast verification
Answer: Change the configuration of the relevant groups in the Google Workspace Admin console to prevent external users from being added to the group.
Option A is the correct answer because it directly addresses the requirement at the group configuration level in Google Workspace Admin console, preventing external users from being added to groups proactively. This aligns with Google's documentation on restricting domains for Google Groups, ensuring only internal organization users can be members. Option B is incorrect as IAM policies manage resource access, not group membership control. Option C is not suitable because IAM deny policies are complex and not intended for membership restrictions. Option D is reactive and inefficient, relying on monitoring and automated removal rather than prevention. The community discussion strongly supports A (68% consensus) with detailed reasoning from multiple users, including references to official Google documentation.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
As a Cloud Identity administrator, you manage groups for application teams in Google Cloud. These groups control user permissions, and application teams can self-manage their group members via the Google Cloud console. How do you configure the groups to restrict application teams to only adding users from within your organization?
A
Change the configuration of the relevant groups in the Google Workspace Admin console to prevent external users from being added to the group.
B
Set an Identity and Access Management (IAM) policy that includes a condition that restricts group membership to user principals that belong to your organization.
C
Define an Identity and Access Management (IAM) deny policy that denies the assignment of principals that are outside your organization to the groups in scope.
D
Export the Cloud Identity logs to BigQuery. Configure an alert for external members added to groups. Have the alert trigger a Cloud Function instance that removes the external members from the group.
No comments yet.