
Answer-first summary for fast verification
Answer: Identify the users who will migrate the application, revoke the default user roles and assign the users with purposely created custom roles.
Option A is correct because it directly addresses the principles of least privilege and separation of duties by identifying specific users, revoking broad default roles, and creating custom roles with only the necessary permissions. This ensures administrators have minimal required access, reducing the attack surface. Option B (using multiple external IdPs with SAML) focuses on authentication rather than authorization and does not inherently enforce least privilege. Option C (MFA with physical tokens) is an authentication security measure but does not address authorization or privilege management. Option D is incorrect because default roles in Google Cloud are often overly permissive (e.g., Owner, Editor) and violate least privilege principles, requiring manual adjustment for security.
Author: LeetQuiz Editorial Team
Your organization is migrating a complex, multi-component application to Google Cloud, spanning several projects. Security is a major concern, and you must design an administrator authorization scheme that adheres to the principle of least privilege and separation of duties. What should you do?
A. Identify the users who will migrate the application, revoke the default user roles and assign the users with purposely created custom roles.
B. Use multiple external identity providers (IdP) configured to use different SAML profiles and federate the IdPs for each application component.
C. Configure multi-factor authentication (MFA) to enforce the use of physical tokens for all users who will migrate the application.
D. No action needed. When a Google Cloud organization is created, the appropriate permissions are automatically assigned to all users in the domain.