Your organization is migrating a complex, multi-component application to Google Cloud, spanning several projects. Security is a major concern, and you must design an administrator authorization scheme that adheres to the principle of least privilege and separation of duties. What should you do?

Exam-Like

Identify the users who will migrate the application, revoke the default user roles and assign the users with purposely created custom roles.

Use multiple external identity providers (IdP) configured to use different SAML profiles and federate the IdPs for each application component.

Configure multi-factor authentication (MFA) to enforce the use of physical tokens for all users who will migrate the application.

No action needed. When a Google Cloud organization is created, the appropriate permissions are automatically assigned to all users in the domain.

Google Professional Cloud Security Engineer